HttpWebRequest and forms authentication in C#

Question

I am a systems guy and currently doing a part time web development project so am pretty new to it. I am trying to write a http client for www.portapower.com.

It will for certain items which are posted on the website and if they match a particular requirement it will print a message.

While trying to access this page:

http://www.portapower.com/getbainfo.php?fclasscode=1&code=CB1831B.40H&fbrand=QUNFUg==

The website redirects me to a default register page:

http://www.portapower.com/defaregit.php

Here is a snippet of what I coded:

CookieContainer myContainer = new CookieContainer();

HttpWebRequest request = (HttpWebRequest)
WebRequest.Create("http://www.portapower.com/" + urlpart);
request.Credentials = new NetworkCredential("****", "******");
request.CookieContainer = myContainer;
request.PreAuthenticate = true;
request.Method = "POST";
HttpWebResponse response = (HttpWebResponse)
request.GetResponse();

Console.WriteLine(response.StatusCode);
Stream resStream = response.GetResponseStream();
Console.WriteLine(resStream.ToString());

I do have the username and password and it works fine when used from a browser. Please tell me if this a correct way to access a authenticated page.

Answer 1

It depends on how the website is authenticating users. If they are using basic authentication or Windows authentication, then you can set the Credentials property of the HttpWebRequest class to the username/password/domain information and it should work.

However, it sounds like you have to enter the username/password on the site, which means you are going to have to login to the site first. Looking at the main page, this is what I find in the <form> element that handles login:

<form name="formlogin" method="post" action="./defalogin.php" >
  <input name="emtext" type="text" id="emtext" size="12">
  <input name="pstext" type="password" id="pstext" size="12">
  <input type="submit" name="Submit" value="Logn in" 
    onClick="return logincheck()" >
</form>

I've included only the relevant portions.

Given this, you have to go to the ./defalogin.php page first with the HttpWebRequest and POST the emtext and pstext values. Also, make sure you set the CookieContainer property to an instance of CookieContainer . When that call to POST returns, it's more than likely going to be populated with a cookie which you will have to send back to the site. Just keep setting the CookieContainer property on any subsequent HttpWebRequest instances to that CookieContainer to make sure the cookies are passed around.

Then you would go to the page indicated in the link.

Of concern is also the logincheck javascript function, but looking at the script sources, it does nothing of note.

Answer 2

The credentials that you are passing is for windows authentication. You need to submit post data with data that mimics the submission of a form then captrue the session cookie set in the response ans use that cookie for future requests

Take a look at this answer which has the code to do this:

Login to the page with HttpWebRequest

Answer 3

You can't do it this way; the credentials you're passing can be used with a basic authentication scheme (ie where, in the browser, you get a username/password dialog popping up.) You'll have to simulate the entry of the data into that form and catch the login cookie and use that.

Answer 4

The NetworkCredential class is really for controlling regular windows credentials (NTLM, Kerberos, etc).

That site is a PHP site running on Apache, so I don't think they are using NTLM or kerberos.

What you want to do is post some FORM fields to the site, then keep the cookie you get back. Make sure on subsequent requests you push the cookie back to the site so it knows you've already logged in.