Login to web page using C#

Question

I would like to login to a certain web page , and download few pages as logged in user. I think I theoretically know what to do, based on an answer to this stackoverflow question , but I have no idea, where in the address should I put the login credentials. In the question above, it is quite obvious, but it is not so obvious at Aukro.
I'd be very grateful for any avice... :)

Answer 1

One tricky part is the fact that this login page sets a bunch of session cookies and appends some unique query string parameters for your session. Presumably, you'll need to retrieve good values from the server for each session you create.

When you land on https://ssl.aukro.cz/enter_login.php , you get a 302 Found (which in practice is used for redirects). The full request looks like this:

Date    Wed, 26 Aug 2009 17:50:05 GMT
Server  Apache
Vary    Accept-Encoding
Set-Cookie  ws2=acda7c76687f; expires=Wed, 26-Aug-2009 18:20:05 GMT; path=/; domain=.aukro.cz
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control   no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma  no-cache
Location    https://ssl.aukro.cz/enter_login.php?session=NmQ2YQFRBVABVgFRVFQAXVRXVFZXWlcHBVRVWAcGUF0OUVJWVVRRXFVUBFFTAAcGAFxUA1NSY2JkZQ%3D%3D&global_login_hash=e16bd60f566a0ae3752997bf21844c4ec2bd0d22&session_login_hash=fecd7825582b6d038d288f67c368090aa369c85d&url=OTFhY1hFRkYDHk4UR0YcV0xaEwweUkgZXEMTDEIeU1VaVBIQb1RARFZDTxNYQQ1YVm4FCkIMAzAxMjY%3D
Content-Encoding    gzip
Content-Length  26
Keep-Alive  timeout=2, max=9999
Connection  Keep-Alive
Content-Type    text/html; charset=UTF-8

You'll need to grab the URL location and the cookie it sets ("ws2"). Then you'll need to drop onto that redirect URL you grabbed, and get the rest of the cookies it sets, which are ws2 , stsd_refr , and qeppo_login .

You then need to fill in the POST body with the form elements as mentioned above and in the links you provided.

Not knowing anything about this site you're trying to log into, I'd venture a guess that if you don't get good session variables and cookies and include them for each of your logical requests, your login attempts may fail.

Long story short, just use Fiddler or Firebug to capture what a login session looks like, and mimic it using the techniques you've already seen.

Answer 2

This might be a valid alternative technique

The needed controls for this are:

id="user_login"

id="user_password"

value="Přihlásit" (apparently czech for "Login")

Answer 3

You will need to view the source of the webpage, and find the <form> that is used for login. That will give you the URL that you will need to post to. You will need to specify all the variables that are in <input> tags, just the way they did in the question you linked.

In this case you will need to specify: session, global_login_hash, session_login_hash, url, request_server, user_login, user_password

One way to determine what needs to be submitted is to use a proxy like Fiddler2 , then use a web browser with its proxy set to Fiddler and log into the webpage. Fiddler will give you the request and response headers and text.

Answer 4

You need to create HTTPS POST request supplying the following values in an application/x-www-form-urlencoded body:

user_login = <user name>
user_password = <password>
session = "ZTEzMw9RAAcGUlIABQgDVlcBBVAAB1NRAAFQClAAUQADCAdRDgNRAQcDVwsHBQADVAYAAAYBNjA1Yg=="
global_login_hash = "c6da0c2fa41454f62c80d9cc688f4303ebebb9b3"
session_login_hash = "8e5190abcb4cccee78b7331a616c4fb723f7fe41"
url = "OTFhY1hFRkYDHk4UR0YcV0xaEwweUkgZXEMTDEIeU1VaVBIQb1RARFZDTxNYQQ1YVm4FCkIMAzAxMjY="
request_server = "ssl.aukro.cz"

You might start by suppling values for user_login and user_password and ignore the rest, but it is impossible to know exactly what the server requries. The encoded values are certainly not reusable and if required you will have to scrape them from the login page before you login.