Redirect user to authenticated page that uses forms authentication, using HTTP Location Header, HttpWebRequest/Response and Response.Cookies.Add()

Question

I need to autheticate on a site using forms authentication and then redirect the user to that site along with the session cookie. I have not figured out how to successfully do this. Here's my code so far.. I still get redirected to that apps login page. Any help is much appreciated!

protected void Button1_Click(object sender, EventArgs e)
{
 string data = "nickname=&login={0}&password={1}&action_login.x=70&action_login.y=14action_login=Login";
 string postdata = String.Format(data, "test", "test");
 string page = @"http://1.1.1.1/home.asp";
 string loginPage = @"http://1.1.1.1/auth.asp";
 HttpWebRequest request = (HttpWebRequest)WebRequest.Create(loginPage);
 request.Method = "POST";
 request.ContentType = "application/x-www-form-urlencoded";
 request.AllowAutoRedirect = false;
 ASCIIEncoding encoding = new ASCIIEncoding(); //encoder
 byte[] requestData = encoding.GetBytes(postdata); //encode post data
 request.ContentLength = requestData.Length;
 //write the post data to the request
 Stream requestStream = request.GetRequestStream();
 // Send the data.
 requestStream.Write(requestData, 0, requestData.Length);
 requestStream.Close();
 try
 {
  HttpWebResponse response = (HttpWebResponse) request.GetResponse();
  string cookieHeader = response.GetResponseHeader("Set-Cookie");
  string cookieValue = cookieHeader.Replace("pp_session_id=", "");
  HttpCookie cookie = new HttpCookie("pp_session_id",cookieValue);
  cookie.Domain = "1.1.1.1";
  cookie.Path = "/";
  Response.Clear();
  Response.StatusCode = 302;
  //Response.AddHeader("Set-Cookie", cookieHeader);
  Response.AddHeader("Location",page);
  Response.RedirectLocation = page;
  Response.Cookies.Add(cookie);
  Response.Flush();

 }
 catch (WebException ex)
 {
  Response.Write(ex.Message);
 }
}

Answer 1

Use Firebug on Mozilla Firefox to see what exactly the browser does when logging into the webapp. Then simulate the same sequence through code.

Or, you can use wireshark to sniff the requests sent by the browser.

One thing I can see from your code, is that you are adding the cookie explicitly. You shouldnt be doing this. You should set a CookieContainer on the request, so that the cookies get sent with all the requests to that site.

hope that helps.

Answer 2

What's wrong with using the FormsAuthentication class? In particular, have you tried the following sequence (or a variation of it):

FormsAuthentication.Authenticate();

FormsAuthentication.SetAuthCookie();

FormsAuthentication.RedirectFromLoginPage();

Answer 3

i believe you have to do a request to an authenticated page on the remote web app.

you'll have to grab the cookie it gives you so you have a valid session. aspnet session id is passed in the cookie. Then you will need to pass the username and password required for that app along with the cookie you received so you will have a valid authenticated session.