I am trying to use HTTPWebRequest to login to a site and then retrieve the page after login. However, it seems as if I can't get past the login. I also investigated with Fiddler and tried mimicking Fiddler almost completely and still no luck.
[Code]....
I have created a web application which has two section user and admin. Admin files are within
~/admin folder and user files are in ~/User folder. Admin and user has two different login page within respective directory.
Now I want two apply form authentication for admin and user section. Is it possible to apply form authentication for two different section in a web application?
I am trying to login to the website below using HttpWebRequest. I am passing in the username and password using the Credentials property but keep getting back the Login page of the website. Can anyone explain what I am doing wrong.
[URL]
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(Url);
request.ContentType = "application/x-www-form-urlencoded";
request.Credentials = new NetworkCredential(Username, Password);
request.Method = "POST";
request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
request.Headers.Add("Accept-Language: en-us,en;q=0.5");
request.Headers.Add("Accept-Encoding: gzip,deflate");
request.Headers.Add("Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7");
request.KeepAlive = true;
request.Headers.Add("Keep-Alive: 300");
request.Referer = Url;
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705;)";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
using (StreamReader reader = new StreamReader(response.GetResponseStream()))
{
string tmp = reader.ReadToEnd();
}
we host a database for several users. We allow the users to host the login form on their own server. The form calls an ASP page that we host, which executes a stored procedure to authenticate the user.
We are in the process of moving to ASP.net. The "Forms" authentication method appears to only work if the login page is hosted locally. Is there a way to use Forms Authentication & allow the login form itself to be on a different server. I'm looking for a tutorial somewhere that will get me pointed in the right direction
I have a problem with using login controls form authentication ! as my website serves some pages for guest users(Anonymous user) and some pages are for only secure user(they must have to login for those requested pages)...... my problem is this that when i apply form authentication in web.config file to login control then visual studio directly shows only login page where i want that in general case only : guest user pages must be shown and if user clicks on login then after login the requested page he may open !
View 2 RepliesI have my website in which there are free links and links that require login. Free links open even if the user is not logged in. But in case of links that require login, redirect to login.aspx specified in Web.Config in loginURL tag.
I want some way to override this and show Ajax modal popup (Ajax extender toolkit) with login control for only thos links that require login (not for the free links).
i have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
I have some problems regarding login form authentication.Can anyone of you share running login authentication codes.
View 3 RepliesI have developed an Interanet web application using the windows Active directory authentication if user find then it automaticaly authenticated working correctly now my user wants the capability of being able to login to the intranet site as another user by providing the username and Password . For example, Team lead needs to login on other team memeber System to pefrom some task on his behalf if he or she is not aviable in office .
I have created a standard MS Login Page. However when I try to login on the page only by providing the Username system authenitcate the user ( not validating the password of that user)
My Web.config is shown below
[Code]....
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
View 2 RepliesI've encountered a problem with intranet ASP.NET Application using AD Form Authentcation. The login and authorization is built using this KB http://support.microsoft.com/kb/316748. It works fine on DEV but not in UAT and PROD.
Basically, the problem is:1. In DEV, users see login page and they enter domain user name and password and login process happens with no issue.
2. But in PROD and UAT, the same application when the users see the login page (first time) and they submit the login form no response. The login button does nothing. The user closes the browser and come back to login page and it works second time. Strange, this doesn't happen in DEV.
3. Further, on DEV by changing the LDAP path to PROD or UAT, the users can still login the first time. It's only the PROd and UAT that seems to be a problem. Not sure whether it's IIS setting or domain policy or something else.....
Not sure what's causing this issue. The only difference that I can see between DEV and UAT/PROD is:
1. DEV has no load balance but UAT and PROD has.
2. In DEV application is installed under Default Website and on PROD/UAT it's under new website.
The IIS settings has been setup as per given KB. I
I have seen numerous posts with this problem, however none of the solutions have worked for me. I am using asp.net 4.0 forms authentication. I have the following set in my config file.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
The login.aspx page uses a master page and styles in a stylesheet located in a folder off the root directory called 'Styles'. I have also add the following to my config file.
<location path="~/Styles">
<system.web>
<authorization>
<allow users = "*"/>
</authorization>
</system.web>
</location>
When the page displays, the login page displays with the master page content, however all of the styles are missing. When I embed styles into the master page the styles show properly, so I know the problem is that the styles are not being accessed from the file. how I can authorize access to the stylesheet?
I've a got an Asp.Net site that is using Forms authentication, I've also got custom errors configured in the web.config. One of these is a special error page for 403's (access denied). My question is how do I get Forms authentication to work smarter?
I would like Forms authentication to send users to login page only if they are not authenticated. If they are I want it to defer to the custom error pages that i've defined in the web.config. This seems like something very basic, how can this be achieved?
[code]....
I have some experience of using paypal with an asp.net website, however this issue has me really stumped.
Root of the problem: You cant embed the html form for the paypal button inside your page form.
Original solution: Originally my website was using multiple aspx pages so I could simply arrange my form tags so that they weren't embedded inside one another.
My website now uses a master aspx page which draws in different ascx controls. This means that I do not have the option of arranging the form tags around the page so need a work around.
NB. I have looked all over the place for simple solutions but it is a jungle out there, paypal is a nightmare. I did find something on ghost form which is all in c#.
The problem is as follows: If a visitor try to access a page in Admin folder he must be redirected to login page located in Admin folder, here I will take his username and password and then I will check this in SQL Server table, if he is authenticated then he will be redirected to Default page and he can access any page in Admin folder, but not any page in User folderHere is one thing is important and that is login page in Admin folder and login page in User folder are differentSame scenario is for User folder Please tell me what is the right way to achieve this functionality
View 2 RepliesI am trying to connect to a web service that uses Kerberos Authentication to authorize the user, but all I get is a 401 unauthorized everytime I try to make the request. Below is the code that I am using.
public XPathNavigator GSASearch(string url, string searchString)
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url + searchString);
request.CookieContainer = new CookieContainer();
request.Credentials = CredentialCache.DefaultCredentials;
request.ContentType = "text/xml";
request.Method = "POST";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream receiveStream = response.GetResponseStream();
XPathDocument doc = new XPathDocument(receiveStream);
return doc.CreateNavigator();
}
EDIT: I feel I should explain a bit more what I am attempting to do. I have been tasked with providing a new interface for my company's Google Search Appliance. I am using an ASP.NET page, which does some things like choose a Collection depending on where a user is located, etc. and then sends the appropriate search string the the GSA. This was all working well until they decided to turn authentication on, and now I can't get any results (I either get a 401 unauthorized, or a message stating that 'Data at the root level is invalid'). If I take the search string and provide it directly to the GSA, it authenticates fine, and displays the results, I just can't seem to get it through the HttpWebRequest.
EDIT 2: I did a little more looking (ran the request through Fiddler) and it looks like the request is only attempting Negotiate and not Kerberos. I set the credentials to use Kerberos explicitly as below, but it didn't help...
public XPathNavigator GSASearch(string url, string searchString)
{
CredentialCache credCache = new CredentialCache();
credCache.Add(new Uri(url), "Kerberos", CredentialCache.DefaultNetworkCredentials);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url + searchString);
request.CookieContainer = new CookieContainer();
request.PreAuthenticate = true;
request.Credentials = credCache;
request.ContentType = "text/xml";
request.Method = "POST";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream receiveStream = response.GetResponseStream();
//StreamReader readStream = new StreamReader(receiveStream);
XPathDocument doc = new XPathDocument(receiveStream);
return doc.CreateNavigator();
}
EDIT 3: Ok, looking closer again, the CredentialCache.DefaultCredentials doesn't appear to have my network credentials in it...
I have a web form on a web page like this:
<form method="post" action="http://poston.domain.com/" enctype="multipart/form-data"> <input type="hidden" name="function" value="somevalue"> <input type="text" name="username" value="somevalue2"> <input type="text" name="password" value="somevalue3"> <input type="file" name="picture"> <input type="text" name="pictto" value="0"> <input type="submit" value="Send"></form>
I can post all the required data to that form on that page by calling the following function:
Public function GetResult(ByVal File As Byte)) as stringDim request As HttpWebRequest = CType(WebRequest.Create("http://poston.domain.com), HttpWebRequest)request.Method = "POST"request.KeepAlive = TrueDim boundary As String = "-------------------------" + DateTime.Now.Ticks.ToString("x")Dim header As String = vbCrLf & "--" + boundary + vbCrLfDim footer As String = vbCrLf & "--" + boundary + vbCrLfrequest.ContentType = String.Format("multipart/form-data; boundary={0}", boundary)Dim contents As StringBuilder = New StringBuilder()contents.Append(vbCrLf)contents.Append(header)contents.Append("Content-Disposition: form-data; name=""function""" & vbCrLf)contents.Append(vbCrLf)<br/>contents.Append("functionname1")contents.Append(header)contents.Append("Content-Disposition: form-data; name=""username""" & vbCrLf)contents.Append(vbCrLf)contents.Append(myusername)contents.Append(header)contents.Append("Content-Disposition: form-data; name=""password""" & vbCrLf)contents.Append(vbCrLf)contents.Append(mypassword)contents.Append(header)contents.Append("Content-Disposition: form-data; name=""pictto""" & vbCrLf)contents.Append(vbCrLf)contents.Append("0")contents.Append(header) contents.Append("Content-Disposition: form-data; name=""picture""; filename=""Untitled.jpg""" + vbCrLf)contents.Append("Content-Type: image/jpeg" + vbCrLf)contents.Append(vbCrLf)Dim BodyBytes As Byte() = Encoding.UTF8.GetBytes(contents.ToString())Dim footerBytes As Byte() = Encoding.UTF8.GetBytes(footer)request.ContentLength = BodyBytes.Length + File.Length + footerBytes.LengthDim requestStream As Stream = request.GetRequestStream()requestStream.Write(BodyBytes, 0, BodyBytes.Length)requestStream.Write(File, 0, File.Length)requestStream.Write(footerBytes, 0, footerBytes.Length)requestStream.Flush()requestStream.Close()Dim ret As String = NewStreamReader(request.GetResponse.GetResponseStream).ReadToEndreturn retend function
A Login.aspx has been created to enforce security on several forms of a web site.How can it be best called by each form at page load and return to that form after succesful login? How could that requirement be declared in web.config?
View 3 RepliesI have an application that uses ASP.NET Forms Authentication. For the most part, it's working great, but I'm trying to add support for a simple API via an .ashx file. I want the ashx file to have optional authentication (i.e. if you don't supply an Authentication header, then it just works anonymously). But, depending on what you do, I want to require authentication under certain conditions.
I thought it would be a simple matter of responding with status code 401 if the required authentication was not supplied, but it seems like the Forms Authentcation module is intercepting that and responding with a redirect to the login page instead. What I mean is, if my ProcessRequest method looks like this:
[code]....
Then instead of getting a 401 error code on the client, like I expect, I'm actually getting a 302 redirect to the login page.
For nornal HTTP traffic, I can see how that would be useful, but for my API page, I want the 401 to go through unmodified so that the client-side caller can respond to it programmatically instead.
I am using VWD 2010 on a windows 7 64 bit install. Using forms authentication I am not being redirected to the login page when not authenticated yet. Even if I start a new web site from template, clear out all cookies, I still go directly to default.aspx. The LoginView control displays the anonymous template verifing I am not authenticated.
configuration why redirection doesn't occur? Remember I am trying this with New Web site template with no mods so I don't think config issue is within application code.
How to create login authentication page using cookies in ASP.NET with C#?
View 1 RepliesI have implemented forms authentication but when I click my login button it just resets my page like nothing has happened.... I am using a url rewrite.... could this have anything to do with my issue?
WEB.CONFIG
Code:
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="DBConnectionString" connectionString="Data Source=XXREMOVEDXX;Initial Catalog=XXREMOVEDXX;Persist Security Info=True;User ID=XXREMOVEDXX;Password=XXREMOVEDXX"
providerName="System.Data.SqlClient" />
[Code] ....
DEFAULT.ASPX.VB
Code:
Imports System.Data.SqlClient
Imports Utils
Partial Class login_default
Inherits System.Web.UI.Page
[Code] .....
UTILS.VB
Code:
Imports System
Public Class Utils
Public Shared Function SQLSafe(ByVal SQL As String) As String
SQLSafe = SQL.Replace("'", "''")
End Function
End Class
I am trying to automate a few things in wordpress blog, using HttpWebrequest.i have tried to get the login page "http://mywebsite.net/wp-admin"and then try to post with login data on page "http://www.mywebsite.net/wp-login.php"data = "log=admin&pwd=mypassword&wp-submit=Log+In&redirect_to=http%3A%2F%2Fmywebsite.net%2Fwp-admin%2F&testcookie=1"i am not able to login, wat i have discovered is that when using browser the cookies are sent to the server, but using HttpWebrequest the cookies are not sent on post, i am configured a cookiecontainer for the httpwebrequest and works fine other wise,.. and also on "post" the request host also changes to "www.mywebsite.net" and on "get" request it is "mywebsite.net"
View 2 Repliesi have a web site that uses forms authentication. the problem is that i have the site installed multiple times on the same production servers because i need to have a few different login pages (based on the domain in this case). after the domain specific login page, the rest of the site is the same. obviously, this requires a lot of maintenance as each new version has to be installed multiple times on the server (with varying the login page in the web.config file).
so i thought is there a way to install the site on 1 folder on the disk, have a web site on the IIS take in all the needed domains and make some http module (or some other solution) in which i could give it a list of domains and the forms authentication for that domain. this way make the login page used by each site change according to the domain while still having only one site to maintain on the server.
I am trying to simulate a POST to a form on an external server that does not require any authentication, and capture a sting containing the resulting page. This is what the form looks like:
<FORM METHOD="POST" ACTION="/controller" NAME="GIN">
<INPUT type="hidden" name="JSPName" value="GIN">
Field1:
<INPUT type="text" name="Field1" size="30"
maxlength="60" class="txtNormal" value="">
</FORM>
This is what my code looks like:
ASCIIEncoding encoding = new ASCIIEncoding();
string postData = "Field1=VALUE1&JSPName=GIN";
byte[] data = encoding.GetBytes(postData);
// Prepare web request...
HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create("https://XXX/controller");
myRequest.Method = "POST";
myRequest.ContentType = "text/html";
myRequest.ContentLength = data.Length;
Stream newStream = myRequest.GetRequestStream();
// Send the data.
newStream.Write(data, 0, data.Length);
StreamReader reader = new StreamReader(newStream);
string text = reader.ReadToEnd();
MessageBox.Show(text);
newStream.Close();
Currently, the code returns "Stream was not readable".