0

Scenario - When I go to URL 1 in my browser, it authenticates me based on the querystrings and redirects me to a page where I can see the information I want. I can see that upon going to URL 1 and being authenticated there about 6-7 cookies that get added to my browser. Once I have been redirected, I open a different URL - URL 2 and it opens without an issue.

If I try to do the same using HttpWebRequest or WebBrowser in C#, I never receive the cookies from the first request - I have a feeling this is because I am not waiting for the response to end before moving on to making a request to URL 2.

I think what I need to do is

  1. Make a request to URL 1
  2. Wait for the response and redirect
  3. Now I SHOULD have access to cookies to put in a cookie container to go off to page 2
  4. page 2 should open up to give me the info I need instead of returning 401
vhu
  • 12,244
  • 11
  • 38
  • 48
muksp
  • 1
  • 1
    What you think you should do is right. I'm not sure why you would expect an authenticated request to work when you're not authenticated. – CodeCaster Sep 04 '15 at 10:37
  • I think that if you use Fiddler you'll see that the cookies *are* returned. Unless you store them somewhere though, they won't be saved or reused. That's entirely logical as otherwise your code would be automatically exposing cookies from one domain to another. The duplicate question shows how to use a CookieContainer to pass cookies from one request to another – Panagiotis Kanavos Sep 04 '15 at 10:58
  • @PanagiotisKanavos Thanks - I managed to get all the cookies that get added to the browser in url 1 within the http web request. However, when i make the second request after allocating the container - I still get a 401. – muksp Sep 04 '15 at 11:40
  • a plain cookieContainer.Add( response.Cookies) will not work. You need to follow the [steps mentioned here to add cookies](http://thomaskrehbiel.com/post/1690-cookiecontainer_httpwebrequest_and_secure_cookies/). This is all assuming that you are relying on cookies for maintaining the authentication session and not url (which is used in some token based authentication) – lazy Sep 04 '15 at 16:32

0 Answers0