Can't get Set-Cookie headers after posting to Forms Auth. login page

G

Guest

Hi

My app is trying to login to an ASP.NET site that uses Forms authentication. I am trying to do in my app (what was previously posted in a newsgroup) the same that a browser does
3) The browser requests the login page specified
4) The server responds with the login pag
5) The user fills in the login page and submits the form, so the browser POSTs the form back to the login pag
6) If the credentials are valid, the server responds with another "302 Page Moved" status, a Location header pointing to protected.aspx, and a Set-Cookie header providing the encrypted Forms Authentication Ticket

I build a Post request to login.aspx and use HttpWebRequest to send it. I use HttpWebResponse to get the response

I have sent the proper login & password & VIEWSTATE info and all that stuff. In a sniffer trace, the response is a "HTTP/1.1 302 Found" with 3 Set-Cookie Headers. The web site redirects me to default.aspx; the trace shows my side (IIS?) sending a GET request for default.aspx, and that's what my app gets in my HttpWebResponse object. The problem is that I don't get logged in because this automatic GET request (below my app somewhere) doesn't get the cookies from the "302 Found" response and send it with the request; I know this because I run the trace and do the same steps from a browser, and in that session, the cookies get passed properly in the 'GET default.aspx' request

The HttpWebResponse object has a ContinueDelegate property, where I can provide a delegate method that's called when a HTTP 100 Continue response is received, but nothing for a "302 Found" response

Any ideas how to solve this? This is a show-stopper for me. I have a standard setup: VS.NET 2003 on XP Pro with IE 6.0 SP1

Thanks in advance
Iggy Evans
 
J

Joerg Jooss

Iggy said:
Hi,

My app is trying to login to an ASP.NET site that uses Forms
authentication. I am trying to do in my app (what was previously
posted in a newsgroup) the same that a browser does: 3) The browser
requests the login page specified. 4) The server responds with the
login page 5) The user fills in the login page and submits the form,
so the browser POSTs the form back to the login page 6) If the
credentials are valid, the server responds with another "302 Page
Moved" status, a Location header pointing to protected.aspx, and a
Set-Cookie header providing the encrypted Forms Authentication
Ticket.

I build a Post request to login.aspx and use HttpWebRequest to send
it. I use HttpWebResponse to get the response.

I have sent the proper login & password & VIEWSTATE info and all that
stuff. In a sniffer trace, the response is a "HTTP/1.1 302 Found"
with 3 Set-Cookie Headers. The web site redirects me to default.aspx;
the trace shows my side (IIS?) sending a GET request for
default.aspx, and that's what my app gets in my HttpWebResponse
object. The problem is that I don't get logged in because this
automatic GET request (below my app somewhere) doesn't get the
cookies from the "302 Found" response and send it with the request; I
know this because I run the trace and do the same steps from a
browser, and in that session, the cookies get passed properly in the
'GET default.aspx' request.

The most simple explanation is that you didn't set a CookiContainer in your
HttpWebRequest. If you don't, the framework won't process cookies and
they're all lost.

Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,906
Latest member
SkinfixSkintag

Latest Threads

Top