WebClient accessing page with credentials
https://stackoverflow.com/questions/11118712
-
15-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to access a webpage on a same domain / same asp.net application, that is password protected. Credentials are the same both for webpage firing this call and webpage being accessed.
Here is the code, and I don't know why I always end up with a login form html code?
using (WebClient client = new WebClient())
{
client.QueryString.Add("ID", "1040"); //add parameters
//client.Credentials = CredentialCache.DefaultCredentials;
//I tried to add credentials like this
client.Credentials = new NetworkCredential("username", "password");
string htmlCode = client.DownloadString("http://domain.loc/testpage.aspx");
}
Solution
I suspect that the web page that you are trying to access uses Forms Authentication. This means that you will have to provide a valid authentication cookie if you want to be able to access protected resources. And in order to obtain a valid authentication cookie you will have to first authenticate yourself by sending a POST request to the LogOn page which emits the cookie. Once you retrieve the cookie you will be able to send it along on subsequent requests on protected resources. You should also note that out of the box WebClient doesn't support cookies. For this reason you could write a custom cookie aware web client:
public class CookieAwareWebClient : WebClient
{
public CookieAwareWebClient()
{
CookieContainer = new CookieContainer();
}
public CookieContainer CookieContainer { get; private set; }
protected override WebRequest GetWebRequest(Uri address)
{
var request = (HttpWebRequest)base.GetWebRequest(address);
request.CookieContainer = CookieContainer;
return request;
}
}
Now you could use this client to fire off the 2 requests:
using (var client = new CookieAwareWebClient())
{
var values = new NameValueCollection
{
{ "username", "john" },
{ "password", "secret" },
};
client.UploadValues("http://domain.loc/logon.aspx", values);
// If the previous call succeeded we now have a valid authentication cookie
// so we could download the protected page
string result = client.DownloadString("http://domain.loc/testpage.aspx");
}
Obviously due to the ViewState crapiness of ASP.NET you might need to send a couple of other parameters along your logon request. Here's what you could do: authenticate in a web browser and look with FireBug the exact parameters and headers that need to be sent.
