1

I have a local website (not mine) that requires authentication before doing some queries. The authentication header looks like this:

    Host: 192.168.7.9
    Connection: keep-alive
    Content-Length: 185
    Origin: http://192.168.7.9
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.3 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Accept: */*
    DNT: 1
    Referer: http://192.168.7.9/signin
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-US,en;q=0.8
    Cookie: _FProEnterprise_session=BAh7CzoVbmVlZF93ZWxjb21lX21zZ1Q6D3Nlc3Npb25faWQiJTUxNjI5OGRiMDNmNjU4ZDg4ODE3NmFiZjhmMDU3YTI2OglzaXRlSSIKc2l0ZTAGOgZFRjoObGFuZ19wYXRoSSIHZW4GOwhUOg5vbmVfY2xpY2tGOgx1c2VyX2lkaRE%3D--0c6634a714baa7f0e4795aee89b31f9b7ec0565e

And the request body looks like this:

    username=myusername&password=mypassword

I'm not super great with how authentication works. So first, is this forms authentication? I'm guessing it is, since I have to enter my username and password on the site then submit to get in.

Second, why is there a Cookie already there? Is it from a previous session perhaps, and I can ignore it?

My goal is to reproduce this in C#, so that I can authenticate, get the cookie and then post data and retrieve results from this site. At least that's what I think I need to do. Links and code would be super helpful. If it's helpful, I need to make this request from my web.api app controller.

Nicros

4 Answers

0

That is using plain HTTP authentication and the cookies are from an old session.

http://en.wikipedia.org/wiki/Basic_access_authentication

MeTitus
0

You use asp.net membership provider and do the authentication like Membership.ValidateUser() and that will authenticate the formsauthentication also. Check if it is authenticated if (Context.User.Identity.IsAuthenticated) - FormsAuthentication.SignOut();

You need sql server or some kind of authentication mechanism first to save the username and password.

iefpw
  • I'm confused... I'm not authenticating a user, the site I'm trying to access does that authentication- in a way that I hoped the header would show. I need to authenticate, get the cookie and then make subsequent posts with that cookie (I think) to get the data I need. – Nicros Mar 29 '13 at 19:03
0

This seems to be an AJAX request (X-Requested-With: XMLHttpRequest). Therefore the user has to be on the web page first, which is when the session started. That is when the user gets the session cookie, which is sent every time to keep track of the session. This session is also kept on the server, where login information is stored - whether or not you're logged in, and who you are.

The contents seem to be a simple HTTP form, but since it came from an XMLHttpRequest it could just as well be created using JavaScript. This is at least the standard way to send POST data through HTTP.

Daan Wilmer
  • Is it possible to reproduce this in C#? I could do this in ajax as well... I was just thinking it was easier to do in C#. Would you happen to have a link to code (C# or ajax) that can authenticate, store the cookie and then use that cookie on subsequent requests? – Nicros Mar 29 '13 at 18:54
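
An added example, not part of the original question or answers: the `value--hexdigest` cookie in the question has the shape of a Rails-style signed session cookie (an assumption, based on the `BAh7` Ruby Marshal prefix and the 40-hex-character suffix). This Python code decodes the payload without unmarshalling it into live objects, showing the session state the browser already holds before the sign-in POST; `MarshalReader` and `decode_session` are hypothetical helper names.

```python
import base64
from urllib.parse import unquote
# Cookie value copied verbatim from the request headers in the question.
COOKIE = ("BAh7CzoVbmVlZF93ZWxjb21lX21zZ1Q6D3Nlc3Npb25faWQiJTUxNjI5OGRiMDNmNjU4"
          "ZDg4ODE3NmFiZjhmMDU3YTI2OglzaXRlSSIKc2l0ZTAGOgZFRjoObGFuZ19wYXRoSSIH"
          "ZW4GOwhUOg5vbmVfY2xpY2tGOgx1c2VyX2lkaRE%3D--0c6634a714baa7f0e4795aee89b31f9b7ec0565e")

class MarshalReader:  # hypothetical helper: only the Marshal 4.8 types seen here
    def __init__(self, data):
        if data[:2] != b"\x04\x08":
            raise ValueError("not Ruby Marshal 4.8 data")
        self.data, self.pos, self.syms = data, 2, []
    def take(self, n):
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated payload")
        self.pos += n
        return chunk
    def num(self):  # Marshal's variable-length integer
        c = int.from_bytes(self.take(1), "little", signed=True)
        if abs(c) > 4:
            return c - 5 if c > 0 else c + 5
        n = int.from_bytes(self.take(abs(c)), "little")
        return n if c >= 0 else n - (1 << (8 * -c))
    def value(self):
        tag = self.take(1)
        if tag in b"0TF":
            return {b"0": None, b"T": True, b"F": False}[tag]
        if tag == b"i":
            return self.num()
        if tag == b":":  # new symbol, remembered so a later b";" can refer to it
            self.syms.append(self.take(self.num()).decode())
            return self.syms[-1]
        if tag == b";":
            return self.syms[self.num()]
        if tag == b'"':
            return self.take(self.num()).decode("latin-1")
        if tag == b"I":  # a string followed by its encoding instance variables
            obj = self.value()
            for _ in range(2 * self.num()):
                self.value()
            return obj
        if tag == b"{":
            return dict([(self.value(), self.value()) for _ in range(self.num())])
        raise ValueError(f"unsupported Marshal tag {tag!r}")

def decode_session(cookie_value):  # hypothetical helper: "base64--hexdigest" cookie
    b64, _, digest = unquote(cookie_value).rpartition("--")
    return MarshalReader(base64.b64decode(b64)).value(), digest
```

`decode_session(COOKIE)` returns a hash with `session_id` and `user_id` keys plus the trailing digest, so the cookie is existing session state rather than something the login form generates. If the format is what it appears to be, the payload is signed but not encrypted, so it is readable by anyone who can see the request, and the server refuses a modified payload because the digest no longer matches.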
0

This link solved it for me: HERE

My final code (in my web.api controller) looked like this:

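    // Requires: using System.Collections.Specialized; using System.Text;
    // Signs in, then POSTs `data` to `url` on the same cookie-aware client.
    public static string JsonWithAuth( string url, string data )
    {
        var bytes = Encoding.Default.GetBytes( data );

        using ( var client = new WebClientEx() )
        {
            var values = new NameValueCollection
            {
                { "username", "myUsername" },
                { "password", "myPassword" },
            };
            // Authenticate: the session cookie set by the sign-in response
            // is stored in the client's CookieContainer
            client.UploadValues( "http://192.168.7.9/main/signin", values );

            // Post data: the stored cookie is sent along with this request
            var response = client.UploadData( url, "POST", bytes );

            return Encoding.Default.GetString( response );
        }
    }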

And this was the class that made it work (from the linked answer):

    using System;
    using System.Net;

    /// <summary>
    /// A custom WebClient featuring a cookie container
    /// </summary>
    public class WebClientEx : WebClient
    {
        // Shared by every request made through this client instance
        public CookieContainer CookieContainer { get; private set; }

        public WebClientEx()
        {
            CookieContainer = new CookieContainer();
        }

        // Attach the container so cookies set by one response
        // are sent with the following requests
        protected override WebRequest GetWebRequest( Uri address )
        {
            var request = base.GetWebRequest( address );
            if ( request is HttpWebRequest )
            {
                ( request as HttpWebRequest ).CookieContainer = CookieContainer;
            }
            return request;
        }
    }

So my final call was like this:

    string sampleInfo = JsonWithAuth(
        "http://192.168.7.9/samples/sample_locations_list",
        "sort=position&dir=ASC&box_id=");

Hope that helps someone else!

Community
Nicros