Jsoup authentication failed

Question

I'm trying to connect this website : https://ent.enteduc.fr/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1 with the following code :

Connection.Response response = Jsoup.connect("https://ent.enteduc.fr/CookieAuth.dll?GetLogon?curl=Z2F&flags=0&forcedownlevel=0&formdir=1&username=XXX&password=XXX&trusted=4&SubmitCreds.x=36&SubmitCreds.y=7&SubmitCreds=Ouvrir+une+session")
                        .method(Connection.Method.GET)
                        .execute();

                Document Doc = Jsoup.connect("https://ent.enteduc.fr/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1")
                        .data("username","myusername")
                        .data("password","mypassword")
                        .data("curl","Z2F")
                        .data("flags","0")
                        .data("forcedownlevel","0")
                        .data("formdir","1")
                        .data("trusted","4")
                        .data("SubmitCreds.x","40") //Seems to send the coordinates of the cursor
                        .data("SubmitCreds.y","12") //Seems to send the coordinates of the cursor
                        .data("SubmitCreds","Ouvrir une session")
                        .cookies(response.cookies())
                        .post();
                Log.e("Body", Doc.body().toString());

But The displayed "Body" is still the authentication page (No error in the Logcat) What's wrong ?

Here are the details of the connection, get with the Chromes's Console

Remote Address:85.90.60.205:443
Request URL:https://ent.enteduc.fr/CookieAuth.dll?Logon
Request Method:POST
Status Code:302 Moved Temporarily
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:165
Content-Type:application/x-www-form-urlencoded
Cookie:ISAWPLB{FE9B5C07-18E7-4D86-BC7C-2F0AFE4F36BF}={8A3F320B-C8EB-40F9-A11E-D036A91F953F}; __utma=136247269.742318163.1408441429.1408445338.1408450626.3; __utmb=136247269.5.10.1408450626; __utmc=136247269; __utmz=136247269.1408441429.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WSS_KeepSessionAuthenticated=; logondata=acc=0&lgn=*********
Host:ent.enteduc.fr
Origin:https://ent.enteduc.fr
Referer:https://ent.enteduc.fr/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
Query String Parametersview sourceview URL encoded
Logon:
Form Dataview sourceview URL encoded
curl:Z2F
flags:0
forcedownlevel:0
formdir:1
username:myusername
password:mypass
trusted:4
SubmitCreds.x:53
SubmitCreds.y:12
SubmitCreds:Ouvrir une session
Response Headersview source
Connection:close
Content-Length:0
Location:https://ent.enteduc.fr/
Set-Cookie:cadata6A45CD714D774496A399F96AC521E21E....

I've taken the liberty of masking the username and password in your post. Please take care while posting them publicly. — Deepak Bala, Aug 19 '14 at 13:26
I'm unsure of why it fails. Is there a test user name and password that is not tied to a real account ? We can try to login with that and help you. — Deepak Bala, Aug 19 '14 at 13:42

score 0 · Answer 1 · answered Aug 19 '14 at 17:33

0

There is nothing wrong with your code. It works. I tried the default user name and password you supplied. This is what the site does...

You login successfully and it sends a HTTP 302 to the path / and also gives you a cookie that identifies you.

HTTP/1.1 302 Moved Temporarily Location: https://ent.enteduc.fr/ Set-Cookie: XXX

The browser requests for / and the server responds with another HTTP 302

HTTP/1.1 302 Found Connection: Keep-Alive Location: /etabs/0680001F/Pages/Accueil.aspx

Requesting for /etabs/0680001F/Pages/Accueil.aspx results in a 200 OK with HTML content written in french. Excusez moi ! Je ne parle pas francais.

Change your code to follow the redirects and set the cookies on each step and you should be fine.

[EDIT]

When you're done please remove the authentication info you supplied on this post.

answered Aug 19 '14 at 17:33

Deepak Bala

11,095
2
38
49

Thanks for patience. I've removed the authentication infos. But didn't manage to get the html of the authenticated page. I didn't find out what to change in my first code. – Stéphane GROSSMANN Aug 19 '14 at 18:23
Do not read the body. Instead get the response HTTP status code and check if it is 302. If yes then follow the `Location` header and make another request. Do this until you land in `/etabs/0680001F/Pages/Accueil.aspx` – Deepak Bala Aug 19 '14 at 18:39
For https://ent.enteduc.fr/CookieAuth.dll?GetLogon?curl=Z2F&flags=0&forcedownlevel=0&formdir=1 I get a 200 code and for https://ent.enteduc.fr/ a IOException : "No authentication challenges found" – Stéphane GROSSMANN Aug 19 '14 at 18:59
In fact, it seems there is no cookie set, according to this : response = Jsoup.connect("https://ent.enteduc.fr/CookieAuth.dll?GetLogon?curl=Z2F&flags=0&forcedownlevel=0&formdir=1") .method(Connection.Method.GET) .execute(); Log.e("Status1", String.valueOf(response.statusCode())); //returns 200 Log.e("Cookies", String.valueOf(response.cookies())); //returns {} – Stéphane GROSSMANN Aug 20 '14 at 08:06
Quite odd indeed. Can you intercept the traffic between your program and the site and confirm there is no `Set-Cookie` header ? – Deepak Bala Aug 20 '14 at 08:33
Header names: Connection Header Value: close Header names: Content-Length Header Value: 5638 Header names: Content-Type Header Value: text/html Header names: Pragma Header Value: no-cache Header names: Cache-control Header Value: no-cache,max-age=0,must-revalidate If you suggest another way getting the authenticated page html, it would be nice. I absolutely need to parse this page. – Stéphane GROSSMANN Aug 20 '14 at 08:55

Jsoup authentication failed

1 Answers1

Linked