473,848 Members | 1,821 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Session Cookie and HttpWebResponse

Hi,

I'm trying the following:
- Imitate a Logon using a Post with HttpWebRequest on remote Webserver (asp
3.0 page using https)
- On success redirect to the page (encapsuled in an iframe) supplied by the
remote Webserver

I can successfuly logon but when I redirect to the supplied url, the
webserver does not know me anymore an redirects me back to login page.. I
was told that I need to store the session cookie supplied by the remote
webserver on my webserver, but I don't know how to pass the session cookie
to my my webserver..

Sample Code follows:
Dim urlRed As String = https://book.bla.at/AM/booking/asp/login.asp
Dim wReq As HttpWebRequest = CType(WebReques t.Create(urlRed ),
HttpWebRequest)
wReq.ContentTyp e = "applicatio n/x-www-form-urlencoded"
wReq.Method = "POST"

Dim sPostData As String = "" & Session.Session ID
sPostData = sPostData & "&USERNAME= " & HttpUtility.Url Encode("myuser" )
sPostData = sPostData & "&password= " & HttpUtility.Url Encode("mypassw ord")
sPostData = sPostData & "&language= " & HttpUtility.Url Encode("DE_AT")

Dim enc As System.Text.Enc oding = System.Text.Enc oding.UTF8
Dim bPostBuffer As Byte() = enc.GetBytes(sP ostData)
wReq.ContentLen gth = bPostBuffer.Len gth
Dim streamPostData As Stream = wReq.GetRequest Stream()
streamPostData. Write(bPostBuff er, 0, bPostBuffer.Len gth)
streamPostData. Close()

Dim wResp As HttpWebResponse = CType(wReq.GetR esponse(), HttpWebResponse )
Dim responseStream As StreamReader = New
StreamReader(wR esp.GetResponse Stream(), enc)

' Here I get the correct url to the welcome page encapsuled in html
Dim html As String = responseStream. ReadToEnd()wRes p.Close()
responseStream. Close()

Response.Write( html)

Thanks and Regards
Karsten
Nov 17 '05 #1
3 7381
You can't really pass the session cookie, or any form of cookie. This is
because cookies have certain security on them which means that only the
domain/application that assigned them, can get them (this was at the centre
of a Passport hack a few years ago).
Instead, you can pass the variables in to a querystring on the request, or
you can use a stateserver/sql server to store the cookie data and have both
webservers get the information off that.

--
Philip Q
Microsoft MVP [ASP.NET]
http://aspalliance.com/wisemonk/

"Karsten Grombach" <ay*******@spam umluex.de> wrote in message
news:ei******** ******@TK2MSFTN GP10.phx.gbl...
Hi,

I'm trying the following:
- Imitate a Logon using a Post with HttpWebRequest on remote Webserver (asp 3.0 page using https)
- On success redirect to the page (encapsuled in an iframe) supplied by the remote Webserver

I can successfuly logon but when I redirect to the supplied url, the
webserver does not know me anymore an redirects me back to login page.. I
was told that I need to store the session cookie supplied by the remote
webserver on my webserver, but I don't know how to pass the session cookie
to my my webserver..

Sample Code follows:
Dim urlRed As String = https://book.bla.at/AM/booking/asp/login.asp
Dim wReq As HttpWebRequest = CType(WebReques t.Create(urlRed ),
HttpWebRequest)
wReq.ContentTyp e = "applicatio n/x-www-form-urlencoded"
wReq.Method = "POST"

Dim sPostData As String = "" & Session.Session ID
sPostData = sPostData & "&USERNAME= " & HttpUtility.Url Encode("myuser" )
sPostData = sPostData & "&password= " & HttpUtility.Url Encode("mypassw ord")
sPostData = sPostData & "&language= " & HttpUtility.Url Encode("DE_AT")

Dim enc As System.Text.Enc oding = System.Text.Enc oding.UTF8
Dim bPostBuffer As Byte() = enc.GetBytes(sP ostData)
wReq.ContentLen gth = bPostBuffer.Len gth
Dim streamPostData As Stream = wReq.GetRequest Stream()
streamPostData. Write(bPostBuff er, 0, bPostBuffer.Len gth)
streamPostData. Close()

Dim wResp As HttpWebResponse = CType(wReq.GetR esponse(), HttpWebResponse )
Dim responseStream As StreamReader = New
StreamReader(wR esp.GetResponse Stream(), enc)

' Here I get the correct url to the welcome page encapsuled in html
Dim html As String = responseStream. ReadToEnd()wRes p.Close()
responseStream. Close()

Response.Write( html)

Thanks and Regards
Karsten


Nov 17 '05 #2
Hi Philip,

Thanks for your reply, but I don't quite understand you...
Using the sateserver/sqlserver is no option as we cannot change the legacy
asp application to use that anymore..
Do I have to pass my current (asp.net ) session ID with the
querystring/postdata to the asp application?
Regards
Karsten
"Philip Q [MVP]" <wi******@mvps. org> schrieb im Newsbeitrag
news:ee******** ********@TK2MSF TNGP10.phx.gbl. ..
You can't really pass the session cookie, or any form of cookie. This is
because cookies have certain security on them which means that only the
domain/application that assigned them, can get them (this was at the centre of a Passport hack a few years ago).
Instead, you can pass the variables in to a querystring on the request, or
you can use a stateserver/sql server to store the cookie data and have both webservers get the information off that.

--
Philip Q
Microsoft MVP [ASP.NET]
http://aspalliance.com/wisemonk/

"Karsten Grombach" <ay*******@spam umluex.de> wrote in message
news:ei******** ******@TK2MSFTN GP10.phx.gbl...
Hi,

I'm trying the following:
- Imitate a Logon using a Post with HttpWebRequest on remote Webserver

(asp
3.0 page using https)
- On success redirect to the page (encapsuled in an iframe) supplied by

the
remote Webserver

I can successfuly logon but when I redirect to the supplied url, the
webserver does not know me anymore an redirects me back to login page.. I was told that I need to store the session cookie supplied by the remote
webserver on my webserver, but I don't know how to pass the session cookie to my my webserver..

Sample Code follows:
Dim urlRed As String = https://book.bla.at/AM/booking/asp/login.asp
Dim wReq As HttpWebRequest = CType(WebReques t.Create(urlRed ),
HttpWebRequest)
wReq.ContentTyp e = "applicatio n/x-www-form-urlencoded"
wReq.Method = "POST"

Dim sPostData As String = "" & Session.Session ID
sPostData = sPostData & "&USERNAME= " & HttpUtility.Url Encode("myuser" )
sPostData = sPostData & "&password= " & HttpUtility.Url Encode("mypassw ord") sPostData = sPostData & "&language= " & HttpUtility.Url Encode("DE_AT")

Dim enc As System.Text.Enc oding = System.Text.Enc oding.UTF8
Dim bPostBuffer As Byte() = enc.GetBytes(sP ostData)
wReq.ContentLen gth = bPostBuffer.Len gth
Dim streamPostData As Stream = wReq.GetRequest Stream()
streamPostData. Write(bPostBuff er, 0, bPostBuffer.Len gth)
streamPostData. Close()

Dim wResp As HttpWebResponse = CType(wReq.GetR esponse(), HttpWebResponse ) Dim responseStream As StreamReader = New
StreamReader(wR esp.GetResponse Stream(), enc)

' Here I get the correct url to the welcome page encapsuled in html
Dim html As String = responseStream. ReadToEnd()wRes p.Close()
responseStream. Close()

Response.Write( html)

Thanks and Regards
Karsten

Nov 17 '05 #3
when using a proxy page, the solution is quite simple: just add hidden input
fields and submit them to the legacy server..
i don't really like the javascript part, but after having spent an afternoon
and a morning trying to solve this, i won't complain...

thanks all, for helping me!

here my proxpage which gets set to the iframe src attribute..

<%@ Page Language="vb" AutoEventWireup ="false"
Codebehind="air managerproxy.as px.vb" Inherits="TestW eb.airmanagerpr oxy"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>airmanag erproxy</title>
<meta name="GENERATOR " content="Micros oft Visual Studio.NET 7.0">
<meta name="CODE_LANG UAGE" content="Visual Basic 7.0">
<meta name="vs_defaul tClientScript" content="JavaSc ript">
<meta name="vs_target Schema"
content="http://schemas.microso ft.com/intellisense/ie5">
</head>
<body MS_POSITIONING= "GridLayout " >
<script language=javasc ript>
function submitIt()
{

document.proxyF orm.action="htt ps://book.bla.at/AM/business/AT/booking/asp/lo
gin.asp";
document.proxyF orm.method="POS T"

document.proxyF orm.submit();

}
window.setTimeo ut("submitIt()" ,2000);

</script>
<form id="proxyForm" method="post" runat="server">
</form>
</body>
</html>

CodeBehind:
Imports System.Web.UI.H tmlControls
Public Class airmanagerproxy
Inherits System.Web.UI.P age
#Region " Vom Web Form Designer generierter Code "

'Dieser Aufruf ist für den Web Form-Designer erforderlich.
<System.Diagnos tics.DebuggerSt epThrough()> Private Sub
InitializeCompo nent()
End Sub

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArg s) Handles MyBase.Init
'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
InitializeCompo nent()
End Sub
#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArg s) Handles MyBase.Load
' Hier Benutzercode zur Seiteninitialis ierung einfügen
Me.EnableViewSt ate = False

' create the hiddenfields
' values are still hardcoded
Dim userName As HtmlInputHidden = New HtmlInputHidden ()
userName.Name = "USERNAME"
userName.ID = "USERNAME"
userName.Value = "xxx"
Dim password As HtmlInputHidden = New HtmlInputHidden ()
password.Name = "password"
password.ID = "password"
password.Value = "xxx"
Dim language As HtmlInputHidden = New HtmlInputHidden ()
language.Name = "language"
language.ID = "language"
language.Value = "DE_AT"

' add the hiddenfields to the form
Dim form As Control = Me.FindControl( "proxyForm" )
form.Controls.A dd(userName)
form.Controls.A dd(password)
form.Controls.A dd(language)

End Sub
End Class

"John Saunders" <jo***********@ surfcontrol.com > schrieb im Newsbeitrag
news:%2******** *******@TK2MSFT NGP12.phx.gbl.. .
Sorry, I don't think you can do what you want to do in the way you want to
do it.

Work it out step by step. Let's call the client browser machine A, your
ASP.NET server machine B, and the legacy server machine C. A makes some
request to B. B logs into C and gets a cookie sent back to it by C.

BTW, I don't see you storing that cookie. Look into the CookieContainer
class.

So, B figures out where C redirected it to then puts that URL into the SRC
attribute of an IFRAME and sends it to A. A then requests that URL but does not send to C the cookie which C sent to B, which isn't surprising because B didn't store it, and certainly didn't send it to A, and if it had sent it to A, then A wouldn't know to send it to C, which A has never heard of!

It sounds like you're going to need some sort of proxy page running on B.
You'd have to store the cookie you get during login to C into Session state on B, then send your user an IFRAME pointing to your proxy on B, with the
real URL as a query parameter. The proxy would load up the CookieContainer
from Session state, request the legacy page (from the query parameter) via a WebRequest, and then return the output back to A.

You will similarly want to use a CookieContainer in that proxy page, and
store any new cookies in Session state for use in subsequent requests during the same session.

Note that this analysis totally ignores any issues with SSL, as it's too
early in the morning for that!

Also note that this might be a good job for an HttpHandler on B, as the
"proxy page" isn't really a page (it wouldn't have any controls on it).

Good Luck. THis sounds like a generally-useful piece of functionality you're going to implement. Let us know how it works out.
--
John Saunders
Internet Engineer
jo***********@s urfcontrol.com
"Karsten Grombach" <ay*******@spam umluex.de> wrote in message
news:ei******** ******@TK2MSFTN GP10.phx.gbl...
Hi,

I'm trying the following:
- Imitate a Logon using a Post with HttpWebRequest on remote Webserver

(asp
3.0 page using https)
- On success redirect to the page (encapsuled in an iframe) supplied by

the
remote Webserver

I can successfuly logon but when I redirect to the supplied url, the
webserver does not know me anymore an redirects me back to login page.. I was told that I need to store the session cookie supplied by the remote
webserver on my webserver, but I don't know how to pass the session cookie to my my webserver..

Sample Code follows:
Dim urlRed As String = https://book.bla.at/AM/booking/asp/login.asp
Dim wReq As HttpWebRequest = CType(WebReques t.Create(urlRed ),
HttpWebRequest)
wReq.ContentTyp e = "applicatio n/x-www-form-urlencoded"
wReq.Method = "POST"

Dim sPostData As String = "" & Session.Session ID
sPostData = sPostData & "&USERNAME= " & HttpUtility.Url Encode("myuser" )
sPostData = sPostData & "&password= " & HttpUtility.Url Encode("mypassw ord") sPostData = sPostData & "&language= " & HttpUtility.Url Encode("DE_AT")

Dim enc As System.Text.Enc oding = System.Text.Enc oding.UTF8
Dim bPostBuffer As Byte() = enc.GetBytes(sP ostData)
wReq.ContentLen gth = bPostBuffer.Len gth
Dim streamPostData As Stream = wReq.GetRequest Stream()
streamPostData. Write(bPostBuff er, 0, bPostBuffer.Len gth)
streamPostData. Close()

Dim wResp As HttpWebResponse = CType(wReq.GetR esponse(), HttpWebResponse ) Dim responseStream As StreamReader = New
StreamReader(wR esp.GetResponse Stream(), enc)

' Here I get the correct url to the welcome page encapsuled in html
Dim html As String = responseStream. ReadToEnd()wRes p.Close()
responseStream. Close()

Response.Write( html)

Thanks and Regards
Karsten


Nov 17 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
5812
by: Dax Westerman | last post by:
I have a site that I'm trying to migrate to ASP.NET from ASP, and the foremost stumbling block I'm hitting is session state between the ASP and ASP.NET applications. In order to access this information, I'm doing a HttpWebRequest from the ASP.NET side into an .asp page, passing the session name on the get in order to request it from the ASP side and write it back to the response stream, giving ASP.NET access to it. Of course I change...
1
6465
by: ¼­°­È£ | last post by:
use HttpWebrequest. get cookie in URL1 and use this cookie in URL2 how to coding?
0
9207
by: Peter Qian | last post by:
Hi, I'm working on a windows form based program that can log into a web service (Apache based, https is used for auth). I was able to post the login data and obtain a sessionID. However I'm not sure how to maintain this id over multiple requests. Here are my code: Globle Varibles private static int timeOut = 20000; private CookieContainer cookieContainer; /* other cookies */
0
1176
by: Dax Westerman | last post by:
I have a site that I'm trying to migrate to ASP.NET from ASP, and the foremost stumbling block I'm hitting is session state between the ASP and ASP.NET applications. In order to access this information, I'm doing a HttpWebRequest from the ASP.NET side into an .asp page, passing the session name on the get in order to request it from the ASP side and write it back to the response stream, giving ASP.NET access to it. Of course I change...
3
3960
by: Amil | last post by:
Please don't repond to this if you are guessing or just don't know the answer. I'm trying to login to a backend system running Java/Tomcat. I create a HttpWebRequest with the login data and do a POST. This works fine. The HttpWebResponse content I get back is just javascript "window.location=xxx" (with normal html around it). The HttpWebResponse also contains a java session id cookie. Fine so far. I want to go to the new location...
4
404
by: Chris Newby | last post by:
My project currently requires that I integrate an ASP.NET application with an ASP application. One of the issues I'm having is that I have some very long strings being created in an ASP.NET application that need to somehow appear in a classic ASP session. The strings are too long for cookies or URLs and I'd like to avoid using a database or someother temporary server storage. So far what I've come up with is a .NET class that "spoofs" a...
0
1423
by: Dave Alvarado | last post by:
I'm working on some code that gathers data from a web interface to one of our servers (classic ASP). The problem is that the site uses session variables to store login information, so to move from page to page I need to emulate a browser keeping a session active. I'm currently using the .Net code below to access each web page. If I get back an ASPSESSIONID cookie, I store it in a Cookie object, and keep passing that object back every...
2
5415
by: =?Utf-8?B?RGF2aWQgS2lya2xhbmQ=?= | last post by:
Hi, I am trying to connect to an https server and download a file. The server requires a client side certificate, which I have loaded successfully using the X509Certificate class. I then add this certificate to the HttpWebRequest class and connect to the server. The problem arises because the initial request to the server gets a 302 redirect response. This response is OK, and is also recieved in IE7. The second request in IE7 is not...
1
5690
by: ALA | last post by:
Hi, does anybody know if it is possible to pass the SessionID with a web request by using a cookie so that the invoked page in the same domain can access the session objects of the current user? HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url); request.CookieContainer = new CookieContainer(); HttpCookie sessionCookie = HttpContext.Current.Request.Cookies;
0
9893
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9738
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10664
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
10348
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7069
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5735
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
4544
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4137
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3175
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.