Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

lvm raid0, apache reverse proxy to iis ntlm, m.p. pasing list download, useradd default password, rajxxxxxcom.., Thor Johnson Beefy Uncut Ginger Adult Entertainer, how do you pronounce myisam, jwbznx, udp send thread safe, wwwB xxx

Links

Issociate
Impressum

#1: posting login credentials and __VIEWSTATE using HttpWebRequest fails

Posted on 2006-05-10 13:32:10 by Perecli Manole

I have been raking my brains on why this does not work. I get back the same
login screen again instead of the home page redirection which should occur
after a successful login:

'create a cookie container so it can be shared between requests
so that authentication can be maintained
Dim objCookieCont As New CookieContainer

'create request to get the __VIEWSTATE of Authorize.NET's
Logon.aspx page
Dim objRequest As HttpWebRequest =
WebRequest.Create("https://account.authorize.net/ui/themes/a net/Logon.aspx")
objRequest.CookieContainer = objCookieCont

'get initial Logon page
Dim objReader As New
IO.StreamReader(objRequest.GetResponse().GetResponseStream() )
Dim strResponseString As String = objReader.ReadToEnd()
objReader.Close()

'parse page for VIEWSTATE value
Dim objRegEx As New Regex("__VIEWSTATE"" value="".*""")
Dim objMatch As Match = objRegEx.Match(strResponseString)
If Not objMatch.Success Then _
Throw New ApplicationException("Could not parse __VIEWSTATE
from Authorise.Net's Logon.aspx.")
Dim strViewState As String = objMatch.ToString
strViewState = strViewState.Replace("__VIEWSTATE"" value=", "")
strViewState = strViewState.Replace("""", "")

'create data posting
Dim objConfig As Specialized.NameValueCollection =
ConfigurationManager.GetSection("CreditCardTrans/Authorise.N ET")
Dim strPostData As String =
String.Format("__VIEWSTATE={0}&MerchantLogin={1}&Password={2 }",
strViewState, objConfig("Login"), objConfig("Password"))
strPostData = HttpUtility.UrlEncode(strPostData)

'create new request for credential submittion
objRequest =
WebRequest.Create("https://account.authorize.net/ui/themes/a net/Logon.aspx")
With objRequest
.CookieContainer = objCookieCont
.Method = "POST"
.ContentType = "application/x-www-form-urlencoded"
.ContentLength = strPostData.Length
End With

'add data post to request
Dim objWriter As New
IO.StreamWriter(objRequest.GetRequestStream())
objWriter.Write(strPostData)
objWriter.Close()

'get response
objReader = New
IO.StreamReader(objRequest.GetResponse().GetResponseStream() )
strResponseString = objReader.ReadToEnd()
objReader.Close()
Response.Write(strResponseString)

What is strange is that the following html works (just to prove that this
site can be logged into) however I can not use it like this because I need
to do multiple followup calls after authentication which need to use the
same session cookie:

<form name="form1" method="post"
action="https://account.authorize.net/ui/themes/anet/Logon.a spx">
<input type="hidden" name="__VIEWSTATE"
value="dDw2ODc5MDg1MDk7dDw7bDxpPDA+O2k8MT47aTw3Pjs+O2w8dDxwP Gw8VGV4dDs+O2w8QXV0aG9yaXplLk5FVCBXZWxjb21lOz4+Ozs+O3Q8O2w8a TwwPjs+O2w8dDw7bDxpPDA+Oz47bDx0PHA8cDxsPFZpc2libGU7PjtsPG88Z j47Pj47PjtsPGk8MT47aTwzPjtpPDU+O2k8Nj47PjtsPHQ8cDxsPGhyZWY7P jtsPC91aS90aGVtZXMvYW5ldC9sb2dvbi5hc3B4P3N1Yj1sb2dvdXQ7Pj47O z47dDxwPGw8aHJlZjs+O2w8amF2YXNjcmlwdDogdmFyIHdpbiA9IHdpbmRvd y5vcGVuKCcvdWkvdGhlbWVzL2FuZXQvQ29udGFjdFVzL0ZlZWRiYWNrLmFzc HgnLCAnRmVlZGJhY2snLGNvbmZpZz0naGVpZ2h0PTUwMCx3aWR0aD03NTAsc 2Nyb2xsYmFycz0wLCByZXNpemFibGU9MScpXDs7Pj47Oz47dDxwPGw8aHJlZ js+O2w8amF2YXNjcmlwdDogdmFyIHdpbiA9IHdpbmRvdy5vcGVuKCcvdWkvd GhlbWVzL2FuZXQvQ29udGFjdFVzL1N1cHBvcnQuYXNweCcsJ3N1cHBvcnQnL GNvbmZpZz0naGVpZ2h0PTUwMCx3aWR0aD03NTAsc2Nyb2xsYmFycz0wLCByZ XNpemFibGU9MScpOz4+Ozs+O3Q8O2w8aTwxPjs+O2w8dDxwPGw8aHJlZjs+O 2w8amF2YXNjcmlwdDp2YXIgd2luID0gd2luZG93Lm9wZW4oJy91aS90aGVtZ XMvYW5ldC9Db250YWN0VXMvQ2hhdC5hc3B4JywnY2hhdCcsY29uZmlnPSdoZ WlnaHQ9MzUwLHdpZHRoPTUwMCxzY3JvbGxiYXJzPTAsIHJlc2l6YWJsZT0xJ ylcOzs+Pjs7Pjs+Pjs+Pjs+Pjs+Pjt0PDtsPGk8MT47PjtsPHQ8cDxwPGw8V mlzaWJsZTs+O2w8bzxmPjs+Pjs+Ozs+Oz4+Oz4+Oz7rZCEFmJBwE1vGe4gpM 1ANQ6UhNA=="
/>
<input type="hidden" name="MerchantLogin" value="username">
<input type="hidden" name="Password" value="password">
</form>
<script language="javascript">document.all.form1.submit();</script>

Here I hardcoded the viewstate taken from login page just to test.

Thanks
Perry

Report this message

Mr Ad

Google