Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Programmatically Logging into an ASP.NET Website

RSS
Modified on Thu, Aug 13, 2015, 3:10 PM by Administrator Categorized as ASP·NET MVC, ASP·NET Security, ASP·NET Web Forms

Overview

The following Website class is used for programmatically logging into an ASP.NET website.

  • The Init method is used to retrieve the Request Verification Token from the login page.
  • The Login method is used to log into the website and retrieve the value of the authentication cookie.
  • The Download method is used to download the contents of a specific web page to a local file.

Acknowledgements


Sample Calling Code

static void Main(string[] args)
{
    /*--- Inits ---*/
    var targetPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Desktop));
            
    var ws = new Website();
    ws.RootUrl = "http://localhost:54392";
    ws.LoginPage = "/Account/Login";
    ws.UserNameField = "UserName";
    ws.PasswordField = "Password";
    ws.AuthenticationCookieName = "ASP.Net Cookie?";

    /*--- Initialize and Log Into the Website ---*/
    ws.Init();
    ws.Login("MyLoginName", "MyPassword");

    /*--- Download a PDF ---*/
    var id = 162250;
    var sourcePage = string.Format("/Customer/PrintableProfile/{0}", id);
    var targetFile = string.Format("Download_{0}.pdf", id);
    targetFile = Path.Combine(targetPath, targetFile);

    ws.Download(sourcePage, targetFile);

}

Reusable Code

The Website class uses the UrlPath class, which can be found here.

Website Class

using System.Net;
using System.Text;

public class Website 
{
    public string RootUrl { get; set; }
    public string LoginPage { get; set; }
    public string LoginUrl
    {
        get { return UrlPath.Combine(RootUrl, LoginPage); }
    }
    public string UserNameField { get; set; }
    public string PasswordField { get; set; }
    public string AuthenticationCookieName { get; set; }

    private const string RequestVerificationTokenField = "__RequestVerificationToken";

    private string _requestVerificationToken;
    private string _authenticationCookie;

    public void Init()
    {
        /*--- Inits ---*/
        var htmlResult = string.Empty;
        var wr = (HttpWebRequest)WebRequest.Create(LoginUrl);
        wr.KeepAlive = false;
        wr.ProtocolVersion = HttpVersion.Version10;
        wr.Method = "GET";

        /*--- Get Response ---*/
        using (var response = (HttpWebResponse)wr.GetResponse())
        {
            using (var rs = response.GetResponseStream())
            {
                using (var sr = new System.IO.StreamReader(rs))
                {
                    htmlResult = sr.ReadToEnd();
                    sr.Close();
                }
            }
        }

        /*--- Get Request Verification Token ---*/
        /* <input name="__RequestVerificationToken" type="hidden" value="xyz" /> */
        var pos = htmlResult.IndexOf(RequestVerificationTokenField);
        if (pos >= 0)
        {
            pos = htmlResult.IndexOf("value", pos);
            if (pos >= 0)
            {
                pos = htmlResult.IndexOf("\"",pos);
                if (pos >= 0)
                {
                    var pos2 = htmlResult.IndexOf("\"", pos + 1);
                    _requestVerificationToken = htmlResult.Substring(pos + 1, pos2 - pos - 1);
                }
            }
        }
            
    }

    public void Login(string username, string password)
    {
        /*--- Build Request Body ---*/
        var sb = new StringBuilder();
        sb.AppendPostData(RequestVerificationTokenField, _requestVerificationToken);
        sb.AppendPostData(UserNameField, username);
        sb.AppendPostData(PasswordField, password);
        var content = sb.ToString();
        byte[] postData = Encoding.UTF8.GetBytes(content);

        /*--- Build POST Request ---*/
        var postRequest = (HttpWebRequest)WebRequest.Create(LoginUrl);

        /* This next line is CRITICAL to getting the login to work.  See 
            * https://www.stevefenton.co.uk/2012/10/automating-web-login-with-httpwebrequest/
            * for the reasons why. */
        postRequest.AllowAutoRedirect = false;

        postRequest.KeepAlive = false;
        postRequest.ProtocolVersion = HttpVersion.Version10;
        postRequest.Method = "POST";
        postRequest.ContentType = "application/x-www-form-urlencoded";
        postRequest.ContentLength = postData.Length;

        using (var requestStream = postRequest.GetRequestStream())
        {
            requestStream.Write(postData, 0, postData.Length);
            requestStream.Flush();
            requestStream.Close();
        }

        /*--- Submit Request and Get Response ---*/
        using (var postResponse = (HttpWebResponse)postRequest.GetResponse())
        {
            using (var rs = postResponse.GetResponseStream())
            {
                using (var sr = new System.IO.StreamReader(rs))
                {
                    var htmlResult = sr.ReadToEnd();
                    var cookies = postResponse.Headers["Set-Cookie"];                        
                        
                    /*--- Retain the Authentication Cookie for Later ---*/
                    if (cookies.Contains(AuthenticationCookieName))
                    {
                        var cp = new CookieParser(cookies);
                        _authenticationCookie = cp.Parse(AuthenticationCookieName);
                    }

                    sr.Close();
                }

                rs.Close();
            }

            postResponse.Close();
        }

    }

    public void Download(string sourcePage, string targetFile)
    {
        /*--- Inits ---*/
        var url = UrlPath.Combine(RootUrl, sourcePage);
        var wr = (HttpWebRequest)WebRequest.Create(url);
        wr.CookieContainer = new CookieContainer();

        wr.CookieContainer.Add(GetAuthenticationCookie());

        wr.KeepAlive = false;
        wr.ProtocolVersion = HttpVersion.Version10;
        wr.Method = "GET";

        /*--- Get Response ---*/
        using (var response = (HttpWebResponse)wr.GetResponse())
        {
            using (var rs = response.GetResponseStream())
            {
                using (var file = new System.IO.FileStream(targetFile, System.IO.FileMode.OpenOrCreate, 
                                System.IO.FileAccess.Write, System.IO.FileShare.Read))
                {
                    rs.CopyTo(file);
                }
            }
        }
    }

    private Cookie GetAuthenticationCookie()
    {
        var result = new Cookie(AuthenticationCookieName, _authenticationCookie);
        result.Path = "/";
        result.HttpOnly = true;
        result.Domain = "localhost";
        return result;
    }
}

CookieParser Class

using System.Text.RegularExpressions;

public class CookieParser
{
    public string Cookies { get; private set; }

    public CookieParser(string cookies)
    {
        Cookies = cookies;
    }
    public string Parse(string cookieName)
    {
        string result = null;
        var pattern = cookieName + "=(?<value>.+?);";
        var regex = new Regex(pattern);
        var mc = regex.Matches(Cookies);

        if (mc.Count > 0)
            result = mc[0].Groups["value"].Value;

        return result;
    }
}

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2018, Patrick Jasinski.