[英]ASP.NET Application Auto Login
我正在嘗試讓用戶自動登錄到外部托管的 ASP.NET 應用程序(不受我的控制)。 外部應用程序加載到我的 .NET 應用程序中的 iframe。 目標是使用我們公司的用戶名/密碼將用戶登錄到外部應用程序,並重定向到 iframe 中的外部主頁。
我已經設法從代碼隱藏成功登錄。 發布到登錄頁面后收到的第二個響應確實包含主頁的 html,所以我知道這是有效的。 我嘗試重新創建他們的前端 .aspx 表單,並用代碼隱藏中對登錄頁面的第一個請求所檢索到的值填充 eventtarget 和 viewstate 輸入,然后強制提交表單。 請求正文與我在我的應用程序之外登錄網站時完全相同,代碼隱藏的請求和 .aspx 表單提交的請求正文也相同。 但是 .aspx 表單提交不斷收到 500 錯誤。 我認為這可能與存儲在 cookies 中的 ASP.NET session id 有關。這是我看到的唯一區別。 我試圖在代碼隱藏中把登錄頁面返回的 session id 設置到我自己頁面的 cookie 上。 但是,使用開發人員工具我可以看到我的應用程序 cookie 沒有被更改。 我不被允許這樣做也是有道理的:瀏覽器只會把 cookie 發回給設置它的域,所以我的頁面無法替外部站點寫入 session cookie;代碼隱藏取得的會話只存在於服務器端的 CookieContainer 中,iframe 里的瀏覽器請求並不帶有這個會話。
有什么辦法可以做到這一點? 我的應用程序有 10 個選項卡,每個選項卡都有一個 iframe 加載外部應用程序。 我已經能夠偽造除 ASP.NET 之外的所有外部應用程序的登錄。如果它在代碼隱藏中工作,我似乎應該能夠實現這一點。
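// Code-behind attempt: log in to the external WebForms page from the server, then
// hand the captured hidden-field values to the local .aspx form so the browser can
// replay the login inside the iframe.
// NOTE(review): "httxx://" is the placeholder scheme as posted. The real endpoint
// should be https, otherwise the credentials below travel in clear text.
string url = "httxx://abc.com/Login.aspx";
CookieContainer myCookieContainer = new CookieContainer();

// Step 1: GET the login page to obtain its hidden fields and session cookie.
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.CookieContainer = myCookieContainer;
request.Method = "GET";
request.KeepAlive = false;

string srcString;
CookieCollection loginPageCookies;
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
using (System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream(), Encoding.UTF8))
{
    // Capture the cookies before the response is disposed.
    loginPageCookies = response.Cookies;
    srcString = reader.ReadToEnd();
}

// Step 2: pull __VIEWSTATE and __EVENTVALIDATION out of the markup.
// A missing marker is reported explicitly instead of slicing at a bogus offset.
string viewStateFlag = "id=\"__VIEWSTATE\" value=\"";
int i = srcString.IndexOf(viewStateFlag, System.StringComparison.Ordinal);
if (i < 0)
{
    throw new System.InvalidOperationException("__VIEWSTATE field not found in the login page.");
}
i += viewStateFlag.Length;
int j = srcString.IndexOf("\"", i, System.StringComparison.Ordinal);
if (j < 0)
{
    throw new System.InvalidOperationException("__VIEWSTATE value is not terminated.");
}
string viewState = srcString.Substring(i, j - i);

string eventValidationFlag = "id=\"__EVENTVALIDATION\" value=\"";
i = srcString.IndexOf(eventValidationFlag, System.StringComparison.Ordinal);
if (i < 0)
{
    throw new System.InvalidOperationException("__EVENTVALIDATION field not found in the login page.");
}
i += eventValidationFlag.Length;
j = srcString.IndexOf("\"", i, System.StringComparison.Ordinal);
if (j < 0)
{
    throw new System.InvalidOperationException("__EVENTVALIDATION value is not terminated.");
}
string eventValidation = srcString.Substring(i, j - i);

// Step 3: fill the local form's hidden inputs with the RAW values. The browser
// form-encodes them on submit; assigning the URL-encoded strings (as the original
// did) makes them arrive double-encoded at the target. The original also
// referenced an undeclared "evenValidation" here.
// NOTE(review): these values were issued to the server-side session above. The
// browser does not hold that session cookie, so the target may still reject them.
__VIEWSTATE.Value = viewState;
__EVENTVALIDATION.Value = eventValidation;

// NOTE(review): this only changes the in-memory cookie collection of the current
// request; nothing is sent to the browser. Even through Response.Cookies a cookie
// would be scoped to this site's domain, not to the external one, so the external
// session cannot be transferred to the iframe this way.
foreach (Cookie cookie in loginPageCookies)
{
    HttpCookie myCookie = new HttpCookie(cookie.Name, cookie.Value);
    HttpContext.Current.Request.Cookies.Add(myCookie);
}

// Form field names of the external login page.
string usernameTextbox = System.Web.HttpUtility.UrlEncode("ctl00$MainContent$Username");
string passwordTextbox = System.Web.HttpUtility.UrlEncode("ctl00$MainContent$Password");
string submitButton = System.Web.HttpUtility.UrlEncode("ctl00$MainContent$btnLogin");

// Username and Password
// NOTE(review): sample credentials as posted. A shared account secret belongs in
// protected configuration or a secret store, not in source.
string userName = "company";
string password = "password";

// Step 4: build the form body. Every value is URL-encoded, including the
// credentials, so characters such as '&', '=', '+' or '%' cannot split or alter
// the body.
string postString =
    "__LASTFOCUS=&__VIEWSTATE=" + System.Web.HttpUtility.UrlEncode(viewState) +
    "&__SCROLLPOSITIONX=0&__SCROLLPOSITIONY=0&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=" + System.Web.HttpUtility.UrlEncode(eventValidation) +
    "&" + usernameTextbox + "=" + System.Web.HttpUtility.UrlEncode(userName) +
    "&" + passwordTextbox + "=" + System.Web.HttpUtility.UrlEncode(password) +
    "&" + submitButton + "=Login";

// Convert the submit string data into the byte array (the body is pure ASCII
// once URL-encoded).
byte[] postData = Encoding.ASCII.GetBytes(postString);

// Step 5: POST the login form, reusing the cookie container from the GET.
request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "POST";
request.Referer = url;
request.KeepAlive = false;
request.AllowAutoRedirect = true;
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; CIBA)";
request.ContentType = "application/x-www-form-urlencoded";
request.CookieContainer = myCookieContainer;
request.CookieContainer.Add(loginPageCookies);
request.ContentLength = postData.Length;

// Submit the request data
using (System.IO.Stream outputStream = request.GetRequestStream())
{
    outputStream.Write(postData, 0, postData.Length);
}

// Get the return data
string rspString;
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
using (System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream(), Encoding.UTF8))
{
    rspString = reader.ReadToEnd();
}
//Response.Write(rspString);
//Response.End();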
.aspx 表單
<%-- Local copy of the external login form. It posts straight to the external
     Login.aspx and is submitted automatically by the script at the bottom. --%>
<body style="margin:0;background-color:#ffffff">
<form method="post" action="httxx://abc.com/Login.aspx" id="aspnetForm">
<div class="aspNetHidden">
<input type="hidden" name="__LASTFOCUS" id="__LASTFOCUS" value="" />
<%-- runat="server": the code-behind assigns this field's Value from the login page it fetched. --%>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" runat="server" />
</div>
<div class="aspNetHidden">
<input type="hidden" name="__SCROLLPOSITIONX" id="__SCROLLPOSITIONX" value="0" />
<input type="hidden" name="__SCROLLPOSITIONY" id="__SCROLLPOSITIONY" value="0" />
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<%-- runat="server": filled by the code-behind, like __VIEWSTATE above.
     NOTE(review): both values were issued to the server-side request's session; the
     browser submitting this form does not carry that session cookie, so the target
     may reject them. --%>
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" runat="server" />
</div>
<%-- NOTE(review): this div is opened here but never closed before </form>. --%>
<div style="float:left">
<h1>Login</h1>
<div id="MainContent_pnlLogin">
<table class="Table">
<tr>
<td><span id="MainContent_lblUsername" class="Prompt">Username</span></td>
<td><input name="ctl00$MainContent$Username" type="text" maxlength="25" id="MainContent_Username" value="company" class="Entry" style="width:125px;" /></td>
</tr>
<tr>
<td><span id="MainContent_lblPassword" class="Prompt">Password</span></td>
<%-- NOTE(review): the value attributes put the shared account name and password into
     the markup delivered to every browser; any user who loads this page can read them
     from the page source or developer tools. --%>
<td><input name="ctl00$MainContent$Password" type="password" maxlength="25" id="MainContent_Password" value="password" class="Entry" style="width:125px;" /></td>
</tr>
<tr>
<td colspan="2" align="center">
<br />
<input type="submit" name="ctl00$MainContent$btnLogin" value="Login" id="MainContent_btnLogin" class="Button" />
</td>
</tr>
</table>
</div>
</form>
<script src="../Scripts/jquery-1.10.2.js"></script>
<script>
// Once the document is ready, click the login button, which submits the form
// without any user interaction.
$(document).ready(function () {
$("#MainContent_btnLogin").click();
});
</script>
</body>
我能夠使以下代碼工作:
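// Server-side login to the external WebForms page: GET the login page, copy its
// __VIEWSTATE / __EVENTVALIDATION values, then POST them with the credentials
// using the same cookie container.
// NOTE(review): "httxx://" is the placeholder scheme as posted. The real endpoint
// should be https, otherwise the credentials below travel in clear text.
// NOTE(review): the resulting session lives only in myCookieContainer on the
// server; it does not log the user's browser (or an iframe) in.
string url = "httxx://abc.com/Login.aspx";
CookieContainer myCookieContainer = new CookieContainer();

// Step 1: GET the login page to obtain its hidden fields and session cookie.
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.CookieContainer = myCookieContainer;
request.Method = "GET";
request.KeepAlive = false;

string srcString;
CookieCollection loginPageCookies;
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
using (System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream(), Encoding.UTF8))
{
    // Capture the cookies before the response is disposed.
    loginPageCookies = response.Cookies;
    srcString = reader.ReadToEnd();
}

// Step 2: get the page ViewState. A missing marker is reported explicitly
// instead of slicing the page at a bogus offset.
string viewStateFlag = "id=\"__VIEWSTATE\" value=\"";
int i = srcString.IndexOf(viewStateFlag, System.StringComparison.Ordinal);
if (i < 0)
{
    throw new System.InvalidOperationException("__VIEWSTATE field not found in the login page.");
}
i += viewStateFlag.Length;
int j = srcString.IndexOf("\"", i, System.StringComparison.Ordinal);
if (j < 0)
{
    throw new System.InvalidOperationException("__VIEWSTATE value is not terminated.");
}
string viewState = srcString.Substring(i, j - i);

// get page EventValidation
string eventValidationFlag = "id=\"__EVENTVALIDATION\" value=\"";
i = srcString.IndexOf(eventValidationFlag, System.StringComparison.Ordinal);
if (i < 0)
{
    throw new System.InvalidOperationException("__EVENTVALIDATION field not found in the login page.");
}
i += eventValidationFlag.Length;
j = srcString.IndexOf("\"", i, System.StringComparison.Ordinal);
if (j < 0)
{
    throw new System.InvalidOperationException("__EVENTVALIDATION value is not terminated.");
}
string eventValidation = srcString.Substring(i, j - i);

string usernameTextbox = "ctl00$MainContent$Username";
string passwordTextbox = "ctl00$MainContent$Password";
string submitButton = "ctl00$MainContent$btnLogin";

// Username and Password
// NOTE(review): sample credentials as posted. A shared account secret belongs in
// protected configuration or a secret store, not in source.
string username = "company";
string password = "password";

// Convert the text into the url encoding string
usernameTextbox = System.Web.HttpUtility.UrlEncode(usernameTextbox);
passwordTextbox = System.Web.HttpUtility.UrlEncode(passwordTextbox);
submitButton = System.Web.HttpUtility.UrlEncode(submitButton);
viewState = System.Web.HttpUtility.UrlEncode(viewState);
eventValidation = System.Web.HttpUtility.UrlEncode(eventValidation);

// Step 3: concat the form body. The credentials are URL-encoded as well (the
// original appended them raw), so a value containing '&', '=', '+' or '%' cannot
// split or alter the body.
string postString =
    "__VIEWSTATE=" + viewState +
    "&__EVENTVALIDATION=" + eventValidation +
    "&" + usernameTextbox + "=" + HttpUtility.UrlEncode(username) +
    "&" + passwordTextbox + "=" + HttpUtility.UrlEncode(password) +
    "&" + submitButton + "=" + HttpUtility.UrlEncode("Login");

// Convert the submit string data into the byte array (the body is pure ASCII
// once URL-encoded).
byte[] postData = Encoding.ASCII.GetBytes(postString);

// Step 4: set the request parameters, reusing the cookie container from the GET.
request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "POST";
request.Referer = url;
request.KeepAlive = false;
request.AllowAutoRedirect = true;
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; CIBA)";
request.ContentType = "application/x-www-form-urlencoded";
request.CookieContainer = myCookieContainer;
request.CookieContainer.Add(loginPageCookies);
request.ContentLength = postData.Length;

// Submit the request data
using (System.IO.Stream outputStream = request.GetRequestStream())
{
    outputStream.Write(postData, 0, postData.Length);
}

// Get the return data
string rspString;
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
using (System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream(), Encoding.UTF8))
{
    rspString = reader.ReadToEnd();
}
//Response.Write(rspString);
//Response.End();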