PHP curl cannot save ASP.net MVC generated cookie

Question

I need to write a bot to login into a website and do some query, problem is this website is written in ASP.NET MVC and needs two cookies to identify user! I can save one cookie using my PHP curl but the other one .AspNet.ApplicationCookie (which is as large as ~400KB) cannot be stored!

Here is my code:

$ch = curl_init('MY URL...');
$cookie = __DIR__ . '/cookie.txt';
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "UserName=123&Password=123");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
$result = curl_exec($ch);
var_dump($result);

Answer 1

我找到了解决方案，ASP.net使用一种机制来避免使用令牌字段（隐藏文本输入为“__RequestVerificationToken”）的CSRF攻击和同一页面上的cookie也作为“__RequestVerificationToken”，这些令牌带有不同的值，但是相互关联，使用PHP cURL进行远程登录需要做的是同时获取这些值并将它们一起发布，如果你得到__RequestVerificationToken字段并再次获取cookie，反之亦然，ASP.net认为这可以作为攻击并更改cookie和字段上的值，这将导致登录失败。