469,898 Members | 2,201 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,898 developers. It's quick & easy.

Impersonate Login Page

My company has a third party purchased website that we use to allow clients
to log in and view/modify orders in our system.

It has its own login page, but I would like to add a form to my companies
own website to post the login directly (for client conveniance reasons).

Below is the code that I'm attempting to use, the post seems to be working
fine, but I'm getting an error back that "WebTrac Pro is not available at
this time, Please contact your administrator or check the log for details"
(the log is empty).

I'm wondering if maybe they are explicitly checking "where" the login
attempt is coming from and blocking it if it isn't what they expect? Is this
a common practice?

Here is the code:

-----------
Dim stringPost = Request.Form.ToString

Dim httpWebRequest As System.Net.HttpWebRequest =
System.Net.HttpWebRequest.Create("https://web.hmic.com/webtracpro/ModelDriver.aspx")

httpWebRequest.Method = "POST"

httpWebRequest.ContentLength = stringPost.Length

httpWebRequest.ContentType = "application/x-www-form-urlencoded"

Dim streamWriter = New
System.IO.StreamWriter(httpWebRequest.GetRequestSt ream())

streamWriter.Write(stringPost)

streamWriter.Close()

Dim httpWebResponse As System.Net.HttpWebResponse =
httpWebRequest.GetResponse()

Dim streamReader = New
System.IO.StreamReader(httpWebResponse.GetResponse Stream())

Dim stringResult = streamReader.ReadToEnd()

streamReader.Close()

Response.Write(stringResult)
---------
Nov 19 '05 #1
1 1344
On Mon, 15 Aug 2005 10:13:07 -0700, "PokerJoker"
<Po********@discussions.microsoft.com> wrote:
I'm wondering if maybe they are explicitly checking "where" the login
attempt is coming from and blocking it if it isn't what they expect? Is this
a common practice?


I'd suggest using Fiddler [1] to compare what your code sends to the
web site with what a web browser sends. Sometimes it's the littlest
things that make the difference, for instance, I've come across more
than one site that checks the user agent string. If the sites didn't
recognize the user agent they'd simply return a 404 or a 500 code. You
can set your own user agent string to make your request look like an
IE request with the UserAgent property on HttpWebRequest.

[1] http://www.fiddlertool.com/fiddler/

HTH,

--
Scott
http://www.OdeToCode.com/blogs/scott/
Nov 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

14 posts views Thread by Ian Frawley | last post: by
3 posts views Thread by Kathy Burke | last post: by
1 post views Thread by Sorin Sandu | last post: by
8 posts views Thread by ajamrozek | last post: by
6 posts views Thread by richi | last post: by
reply views Thread by Andrew R. Jones | last post: by
4 posts views Thread by =?Utf-8?B?QXZhRGV2?= | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.