0

I am having difficulties interacting with a website which use basic authentication to authenticate the user.

I am working on visual basic and i have already tried to use

Dim req As HttpWebRequest = HttpWebRequest.Create("http://url.to.website.com")

adding the headers directly to the web request:

req.Headers.Add("Authorization: Basic " & Convert.ToBase64String(Encoding.Default.GetBytes("user" & ":" & "password")))

or using the network credentials:

 req.Credentials = New Net.NetworkCredential("user", "password")

receiving always the same response code: 401 Unauthorized

Using Firefox developer tools i can analyze and resend some web requests and only using Firefox i am able to authenticate correctly.

Firefox report these headers:

Host: url.to.website.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101     Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http.//url.to.website.com/portal/data/pub
DNT: 1
Authorization: Basic ZmFrZTpwYXNzd29yZA==
Connection: keep-alive

So i have tried to set it manaually this way:

req.Host = "url.to.website.com"
req.UserAgent = "Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"
req.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
req.Referer = "https://url.to.website.com/some/path/to/file.jsf"
req.ContentType = "application/x-www-form-urlencoded"
req.KeepAlive = True
req.PreAuthenticate = True
req.Method = "POST"
req.Headers.Add("Authorization: Basic " & Convert.ToBase64String(Encoding.Default.GetBytes("user" & ":" & "password")))

with no success (receiving always the same response code: 401 Unauthorized)

Another try was with a web-browser:

WebBrowser1.Navigate("url", Nothing, Nothing, "Authorization: Basic " & Convert.ToBase64String(Encoding.Default.GetBytes(AUTH_USER & ":" & AUTH_PASSWORD)))

My objective is to authenticate, then query some pages and collect responses in order to parse them and use it later in the application.

How can i solve the issue about authentication?

The website is written using JSF and i have no control over it.

Update:

My problem is about authentication, not yet about the jsf application.

While using Firefox all work fine (I can send a request to the website and it will authenticate me right) but while using the HttpWebRequest the authentication fails, even if I set the same headers, as Written before .

I have to figure out the difference between the two requests

Raziel
  • 444
  • 6
  • 22
Rocco Mancin
  • 80
  • 6
  • So you are doing 'screenscraping'? Good luck... Hope the other side does not change **anything**. And JSF does not do basic authentication. That is up to the container, and if it is is checked by some code in the page, that is not related to the concept of Basic Authentication. So you question is tagged completely wrong. See also http://stackoverflow.com/questions/12175763/how-to-send-post-request-to-jsf-component-without-using-html-form – Kukeltje Feb 11 '16 at 12:27
  • And what does 'with no success' mean? It blew up the moon? – Kukeltje Feb 11 '16 at 12:32
  • I was receiving always the same response code: 401 Unauthorized – Rocco Mancin Feb 11 '16 at 14:28
  • @Kukeltje I know the autentication isn't done by the jsf app, i have said the technology to provide some context. You are right about the tags, my bad, i have updated them – Rocco Mancin Feb 11 '16 at 14:46

1 Answers1

0

I had to get this working for Dukes Forest Java EE Tutorial Port to Wildfly. The code was already written, but the header was case sensitive. Anyway, the code used there is as follows:

/* Client filter for basic HTTP auth */
class AuthClientRequestFilter implements ClientRequestFilter {
    private final String user;
    private final String password;
    public AuthClientRequestFilter(String user, String password) {
        this.user = user;
        this.password = password;
    }
    @Override
    public void filter(ClientRequestContext requestContext) throws IOException {
        try {
            requestContext.getHeaders().add(
                "Authorization",
                "Basic " + DatatypeConverter.printBase64Binary(
                    (user+":"+password).getBytes("UTF-8"))
            );
        } catch (UnsupportedEncodingException ex) { }
    }
}

The DatatypeConverter is imported from javax.xml.bind. This code was called from the following routine, which has the HTTPClient:

Client client = ClientBuilder.newClient();
client.register(new AuthClientRequestFilter("jack@example.com", "1234"));
Response resp = client.target(ENDPOINT)
    .request(MediaType.APPLICATION_XML)
    .post(Entity.entity(order, MediaType.APPLICATION_XML), Response.class);
int status = resp.getStatus();
if (status == 200) {
    success = true;
}
logger.log(Level.INFO, "[PaymentHandler] Response status {0}", status);
client.close();
return success;

This client code posts to a RESTful service.

K.Nicholas
  • 10,956
  • 4
  • 46
  • 66
  • Are you sure the 'client' part of the code can do a post to to a jsf page like this? I strongly doubt it.... (application/xml? No 'viewstate'?) please **try**, see also http://stackoverflow.com/questions/12175763/how-to-send-post-request-to-jsf-component-without-using-html-form – Kukeltje Feb 11 '16 at 12:29
  • I will have to interact with the website but before i can do this i have to successfull authenticate, so before thinking about JSF application i have to figure out the auth – Rocco Mancin Feb 11 '16 at 14:50
  • @Nicholas thanks for the code but as far i can see is the same as the one i have already tried. The problem is that even if i set the headers the same as firefox (wich works) my app don't work – Rocco Mancin Feb 11 '16 at 17:41