posting login credentials and __VIEWSTATE using HttpWebRequest fails

Discussion in 'ASP .Net' started by msnews.microsoft.com, May 10, 2006.

  1. I have been raking my brains on why this does not work. I get back the same
    login screen again instead of the home page redirection which should occur
    after a successful login:

    'create a cookie container so it can be shared between requests
    so that authentication can be maintained
    Dim objCookieCont As New CookieContainer

    'create request to get the __VIEWSTATE of Authorize.NET's
    Logon.aspx page
    Dim objRequest As HttpWebRequest =
    WebRequest.Create("https://account.authorize.net/ui/themes/anet/Logon.aspx")
    objRequest.CookieContainer = objCookieCont

    'get initial Logon page
    Dim objReader As New
    IO.StreamReader(objRequest.GetResponse().GetResponseStream())
    Dim strResponseString As String = objReader.ReadToEnd()
    objReader.Close()

    'parse page for VIEWSTATE value
    Dim objRegEx As New Regex("__VIEWSTATE"" value="".*""")
    Dim objMatch As Match = objRegEx.Match(strResponseString)
    If Not objMatch.Success Then _
    Throw New ApplicationException("Could not parse __VIEWSTATE
    from Authorise.Net's Logon.aspx.")
    Dim strViewState As String = objMatch.ToString
    strViewState = strViewState.Replace("__VIEWSTATE"" value=", "")
    strViewState = strViewState.Replace("""", "")

    'create data posting
    Dim objConfig As Specialized.NameValueCollection =
    ConfigurationManager.GetSection("CreditCardTrans/Authorise.NET")
    Dim strPostData As String =
    String.Format("__VIEWSTATE={0}&MerchantLogin={1}&Password={2}",
    strViewState, objConfig("Login"), objConfig("Password"))
    strPostData = HttpUtility.UrlEncode(strPostData)

    'create new request for credential submittion
    objRequest =
    WebRequest.Create("https://account.authorize.net/ui/themes/anet/Logon.aspx")
    With objRequest
    .CookieContainer = objCookieCont
    .Method = "POST"
    .ContentType = "application/x-www-form-urlencoded"
    .ContentLength = strPostData.Length
    End With

    'add data post to request
    Dim objWriter As New
    IO.StreamWriter(objRequest.GetRequestStream())
    objWriter.Write(strPostData)
    objWriter.Close()

    'get response
    objReader = New
    IO.StreamReader(objRequest.GetResponse().GetResponseStream())
    strResponseString = objReader.ReadToEnd()
    objReader.Close()
    Response.Write(strResponseString)

    What is strange is that the following html works (just to prove that this
    site can be logged into) however I can not use it like this because I need
    to do multiple followup calls after authentication which need to use the
    same session cookie:

    <form name="form1" method="post"
    action="https://account.authorize.net/ui/themes/anet/Logon.aspx">
    <input type="hidden" name="__VIEWSTATE"
    value="dDw2ODc5MDg1MDk7dDw7bDxpPDA+O2k8MT47aTw3Pjs+O2w8dDxwPGw8VGV4dDs+O2w8QXV0aG9yaXplLk5FVCBXZWxjb21lOz4+Ozs+O3Q8O2w8aTwwPjs+O2w8dDw7bDxpPDA+Oz47bDx0PHA8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47PjtsPGk8MT47aTwzPjtpPDU+O2k8Nj47PjtsPHQ8cDxsPGhyZWY7PjtsPC91aS90aGVtZXMvYW5ldC9sb2dvbi5hc3B4P3N1Yj1sb2dvdXQ7Pj47Oz47dDxwPGw8aHJlZjs+O2w8amF2YXNjcmlwdDogdmFyIHdpbiA9IHdpbmRvdy5vcGVuKCcvdWkvdGhlbWVzL2FuZXQvQ29udGFjdFVzL0ZlZWRiYWNrLmFzcHgnLCAnRmVlZGJhY2snLGNvbmZpZz0naGVpZ2h0PTUwMCx3aWR0aD03NTAsc2Nyb2xsYmFycz0wLCByZXNpemFibGU9MScpXDs7Pj47Oz47dDxwPGw8aHJlZjs+O2w8amF2YXNjcmlwdDogdmFyIHdpbiA9IHdpbmRvdy5vcGVuKCcvdWkvdGhlbWVzL2FuZXQvQ29udGFjdFVzL1N1cHBvcnQuYXNweCcsJ3N1cHBvcnQnLGNvbmZpZz0naGVpZ2h0PTUwMCx3aWR0aD03NTAsc2Nyb2xsYmFycz0wLCByZXNpemFibGU9MScpOz4+Ozs+O3Q8O2w8aTwxPjs+O2w8dDxwPGw8aHJlZjs+O2w8amF2YXNjcmlwdDp2YXIgd2luID0gd2luZG93Lm9wZW4oJy91aS90aGVtZXMvYW5ldC9Db250YWN0VXMvQ2hhdC5hc3B4JywnY2hhdCcsY29uZmlnPSdoZWlnaHQ9MzUwLHdpZHRoPTUwMCxzY3JvbGxiYXJzPTAsIHJlc2l6YWJsZT0xJylcOzs+Pjs7Pjs+Pjs+Pjs+Pjs+Pjt0PDtsPGk8MT47PjtsPHQ8cDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs+Ozs+Oz4+Oz4+Oz7rZCEFmJBwE1vGe4gpM1ANQ6UhNA=="
    />
    <input type="hidden" name="MerchantLogin" value="username">
    <input type="hidden" name="Password" value="password">
    </form>
    <script language="javascript">document.all.form1.submit();</script>

    Here I hardcoded the viewstate taken from login page just to test.

    Thanks
    Perry
     
    msnews.microsoft.com, May 10, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. buran
    Replies:
    7
    Views:
    9,390
    John Saunders
    Oct 11, 2003
  2. Jamie
    Replies:
    4
    Views:
    13,992
    Jamie
    Mar 1, 2004
  3. Scott Allen

    Re: httpwebrequest credentials

    Scott Allen, Sep 21, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    4,551
    =?Utf-8?B?Q296ZmVy?=
    Sep 27, 2004
  4. AmitKu
    Replies:
    7
    Views:
    522
    John Timney \(MVP\)
    Jan 8, 2007
  5. buran

    HttpWebRequest and posting login data

    buran, Sep 16, 2003, in forum: ASP .Net Security
    Replies:
    7
    Views:
    193
    John Saunders
    Oct 11, 2003
Loading...

Share This Page