0

I was greeted with an interesting and strange issue today. A bit of history: a few days ago I wrote a method utilizing WebClient to post information to a WordPress login page, and it returned to me an HTML response which was either "Logged In" or "Invalid credentials".

...
                using (var webClient = new WebClient())
                {
                    var email = ((User)user).email;
                    var password = StringCipher.Decrypt(((User)user).password, CIFFConstants.CryptoKey);
                    // UploadValues sends the pairs as an application/x-www-form-urlencoded POST
                    var result = webClient.UploadValues($"{host}/bloginternal/wp-login.php", new NameValueCollection()
                            {
                                { "log", email },
                                { "pwd", password }
                            });
                    var message = System.Text.Encoding.Default.GetString(result);
                    LogResponseFromServer(message);
                }...

This method went awry today by returning me the login page itself, where it didn't seem to have posted the log and pwd variables to the form on the page, nor attempted to submit the form.

I thought "ok, maybe WebClient is not the best way to deal with this situation" and took a second approach using WebRequest:

            var email = ((User) user).email + "test";
            var password = StringCipher.Decrypt(((User) user).password, CIFFConstants.CryptoKey);

            var baseAddress = $"{host}/bloginternal/wp-login.php";

            var http = (HttpWebRequest)WebRequest.Create(new Uri(baseAddress));
            http.Accept = "application/json";
            http.ContentType = "application/json";
            http.Method = "POST";

            var parsedContent = new JavaScriptSerializer().Serialize(new { log = email, pwd = password});
            var encoding = new ASCIIEncoding();
            var bytes = encoding.GetBytes(parsedContent);

            var newStream = http.GetRequestStream();
            newStream.Write(bytes, 0, bytes.Length);
            newStream.Close();

            var response = http.GetResponse();

            var stream = response.GetResponseStream();
            var sr = new StreamReader(stream);
            var content = sr.ReadToEnd();

Note the bogus "test" I added after email - that was literally for testing purposes to see if the page would return "invalid login" to me like it used to. To my dismay, it still returned only the login page, where the form didn't seem like it submitted any information.

The ajax I am trying to reproduce is as follows:

            $.ajax({
                url: '/bloginternal/wp-login.php',
                data: { log: values.Email, pwd: values.Password },
                type: "POST",
                async: false,
                success: function () {

                }
            });

The strange part is that the WebClient solution worked perfectly fine and I was able to imitate the ajax call listed above by checking whether the response returned a "logged in" status or "invalid credentials" status.

What could be the reasons why the site I am posting to returns only the stock login page as if no information has been submitted? Have I missed anything in my reproductions of the Ajax call which might have affected what the server returned to me?

Eon

1 Answer

0

Use a tool like Fiddler to examine the headers and POST data sent by the browser when you log in manually and compare that to what your WebRequest code sends. It could be that you need to submit a User-Agent value, retrieve a value from the login page before POSTing your login attempt, or any number of other things. Be thorough in your comparison.

As an aside, when setting up Fiddler, you may not see the requests made by your .NET code. If that happens, refer to this post for a possible fix.

Community
Taudris
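Added example, not part of the original answer or the asker's code: one way to make the comparison the answer recommends from the .NET side. It sends `log` and `pwd` as `application/x-www-form-urlencoded` (the format jQuery's `$.ajax` uses for a plain `data` object), fetches the login page first so any cookies it sets go out with the POST, and prints each outgoing request for comparison with the browser capture. `RequestDumpHandler`, `LoginPostExample`, `PostLoginAsync` and the User-Agent string are hypothetical names and values chosen for this sketch.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper: prints what is about to be sent, for comparison with the
// browser capture. Field values are not printed because the body carries the password.
sealed class RequestDumpHandler : DelegatingHandler
{
    public RequestDumpHandler(HttpMessageHandler inner) : base(inner) { }

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        Console.WriteLine($"{req.Method} {req.RequestUri}");
        foreach (var h in req.Headers)
            Console.WriteLine($"  {h.Key}: {string.Join(", ", h.Value)}");
        if (req.Content != null)
        {
            var body = await req.Content.ReadAsStringAsync();
            var names = body.Split('&').Select(p => p.Split('=')[0]);
            Console.WriteLine($"  Content-Type: {req.Content.Headers.ContentType}");
            Console.WriteLine($"  body fields: {string.Join(", ", names)}");
        }
        var resp = await base.SendAsync(req, ct);
        Console.WriteLine($"  -> {(int)resp.StatusCode} {resp.ReasonPhrase}");
        return resp;
    }
}

static class LoginPostExample
{
    public static async Task<string> PostLoginAsync(string host, string email, string password)
    {
        var cookies = new CookieContainer();   // carries cookies from the GET into the POST
        var inner = new HttpClientHandler { CookieContainer = cookies };
        using (var client = new HttpClient(new RequestDumpHandler(inner)))
        {
            // Constructed User-Agent value; replace with the one seen in the browser capture
            client.DefaultRequestHeaders.TryAddWithoutValidation("User-Agent", "login-check/1.0");
            var url = $"{host}/bloginternal/wp-login.php";
            using (var page = await client.GetAsync(url))
                Console.WriteLine($"  cookies after GET: {cookies.GetCookies(new Uri(url)).Count}");
            // Same wire format as $.ajax with a plain data object
            var form = new FormUrlEncodedContent(new Dictionary<string, string> { ["log"] = email, ["pwd"] = password });
            using (var resp = await client.PostAsync(url, form))
                return await resp.Content.ReadAsStringAsync();
        }
    }
}
```

The `Cookie` header is attached by the inner `HttpClientHandler`, so it does not appear in the printed headers; the cookie count after the GET shows whether the login page set any.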