Login to website with multipart/form-data

Question

I have been trying for awhile now to log into a website using a WebRequest with no luck and I'm hoping that somebody can help me out. The login page uses "multipart/form-data; boundary" for its post data which I have never encountered before and I haven't been able to get it to work.

A successful post looks like this (courtesy of Tamper):

-----------------------------13327156328034
Content-Disposition: form-data; name="cc_session_id"

0vtgfe4bbhlh94f4vmmptctr06
-----------------------------13327156328034
Content-Disposition: form-data; name="cc_action"

cca_login
-----------------------------13327156328034
Content-Disposition: form-data; name="cc_failure_url"

https://www.fanduel.com/p/LoginPp
-----------------------------13327156328034
Content-Disposition: form-data; name="cc_success_url"

https://www.fanduel.com/
-----------------------------13327156328034
Content-Disposition: form-data; name="email"

*********
-----------------------------13327156328034
Content-Disposition: form-data; name="password"

*********
-----------------------------13327156328034
Content-Disposition: form-data; name="login"

Log in
-----------------------------13327156328034--

My connection method looks like this:

    private static WebResponse Connect()
    {
        var manager = new SessionIDManager();
        var boundary = "---------------------------" + DateTime.Now.Ticks;
        var newLine = Environment.NewLine;
        var propFormat = "--" + boundary + newLine +
                            "Content-Disposition: form-data; name=\"{0}\"" + newLine + newLine +
                            "{1}" + newLine;

        var req = WebRequest.Create("https://www.fanduel.com/c/CCAuth");
        var session = manager.CreateSessionID(HttpContext.Current);
        req.Method = "POST";
        req.ContentType = "multipart/form-data; boundary=" + boundary;
        string formParams = string.Format(propFormat, "cc_session_id", session); 
        formParams += string.Format(propFormat, "cc_action", "cca_login");
        formParams += string.Format(propFormat, "cc_failure_url", "https://www.fanduel.com/p/LoginPp");
        formParams += string.Format(propFormat, "cc_success_url", "https://www.fanduel.com/");
        formParams += string.Format(propFormat, "email", Credentials.ToInsecureString(Credentials.DecryptString(Settings.FanDuel.UserName)));
        formParams += string.Format(propFormat, "password", Credentials.ToInsecureString(Credentials.DecryptString(Settings.FanDuel.Password)));
        formParams += string.Format(propFormat, "login", "Log in");
        formParams += "--" + boundary + "--";

        byte[] bytes = Encoding.ASCII.GetBytes(formParams);
        req.ContentLength = bytes.Length;
        using (Stream os = req.GetRequestStream())
        {
            os.Write(bytes, 0, bytes.Length);
        }

        return req.GetResponse();
    }

It produces the following post data:

-----------------------------635209175732301763
Content-Disposition: form-data; name="cc_session_id"

lptqmgshh2givmblbna4yeql
-----------------------------635209175732301763
Content-Disposition: form-data; name="cc_action"

cca_login
-----------------------------635209175732301763
Content-Disposition: form-data; name="cc_failure_url"

https://www.fanduel.com/p/LoginPp
-----------------------------635209175732301763
Content-Disposition: form-data; name="cc_success_url"

https://www.fanduel.com/
-----------------------------635209175732301763
Content-Disposition: form-data; name="email"

********
-----------------------------635209175732301763
Content-Disposition: form-data; name="password"

********
-----------------------------635209175732301763
Content-Disposition: form-data; name="login"

Log in
-----------------------------635209175732301763--

Unfortunately, the response's cookie isn't that of a successful login. At this point I don't know what else to do and I would appreciate any help anybody would be willing to offer me to get this working. Thanks.

Update: I Tried getting an initial response and then using that session id for my post, but still no luck. Does anybody have any ideas?

Answer 1

I've managed to get this working and optimized the method to the best of my ability.

private CookieContainer cookies = new CookieContainer();
private string loginCookie;

public bool IsLoggedIn { get; set; }

public void Login()
{
    var boundary = "---------------------------" + DateTime.Now.Ticks;
    var newLine = Environment.NewLine;
    var propFormat = "--" + boundary + newLine +
        "Content-Disposition: form-data; name=\"{0}\"" +
        newLine + newLine + "{1}" + newLine;

    var req = WebRequest.Create("https://www.fanduel.com/c/CCAuth") as HttpWebRequest;
    req.CookieContainer = cookies;
    req.Method = "POST";
    req.ContentType = "multipart/form-data; boundary=" + boundary;
    string formParams = string.Format(propFormat, "cc_session_id", new SessionIDManager().CreateSessionID(HttpContext.Current));
    formParams += string.Format(propFormat, "cc_action", "cca_login");
    formParams += string.Format(propFormat, "cc_failure_url", "https://www.fanduel.com/p/LoginPp");
    formParams += string.Format(propFormat, "cc_success_url", "https://www.fanduel.com/");
    formParams += string.Format(propFormat, "email", Credentials.ToInsecureString(Credentials.DecryptString(FanDuel.Default.UserName)));
    formParams += string.Format(propFormat, "password", Credentials.ToInsecureString(Credentials.DecryptString(FanDuel.Default.Password)));
    formParams += string.Format(propFormat, "login", "Log in");
    formParams += "--" + boundary + "--";

    byte[] bytes = Encoding.ASCII.GetBytes(formParams);
    req.ContentLength = bytes.Length;
    using (Stream os = req.GetRequestStream())
    {
        os.Write(bytes, 0, bytes.Length);
    }

    var res = req.GetResponse();
    res.Close();

    loginCookie = req.Headers["Cookie"];

    IsLoggedIn = res.ResponseUri == new Uri("https://www.fanduel.com/p/Home");
}

Then pass loginCookie to any other relevant WebRequest:

void SomeMethod()
{
    var req = WebRequest.Create("SomeUri");
    req.Headers.Add("Cookie", loginCookie);
    var res = req.GetResponse();
}

I hope this helps somebody in the future.