0

I am trying to pull cookies from a secure website that I will then login & download docs from using winhttp with the cookies. I can login successfully thru IE, but I need to download the documents "silently". I've done this succesfully on one other site & I am trying to replicate the method. The key before was to send the login script line on my send statement. This time I'm not getting any cookies back. But I'm not sure how to tell if I'm authenticating correctly.

When I send thru the string I think is correct I get a content-length of 139932, when I send one I know will fail I get Content-Length: 8706. So something seems to be happening, but no cookies come. I'm using the same basic code as the other job that works, just customizing the headers.

strUrl = "https://policy.velocityrisk.com/login.aspx?ReturnUrl=%2f"    
Set XMLHTTP = CreateObject("MSXML2.serverXMLHttp")
XMLHTTP.Open "POST", Trim(strUrl), False            'post request
XMLHTTP.setRequestHeader "Cache-Control", "no-cache"
XMLHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
XMLHTTP.setRequestHeader "Referer", 
"https://policy.velocityrisk.com/login.aspx?ReturnUrl=%2f"
 "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
 XMLHTTP.setRequestHeader "Accept-Language", "en-US"
 XMLHTTP.setRequestHeader "Accept-Encoding", "gzip , deflate, br"
XMLHTTP.setRequestHeader "Host", "policy.velocityrisk.com"
XMLHTTP.setRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
XMLHTTP.setRequestHeader "Connection", "keep-alive"
XMLHTTP.setRequestHeader "Content-Length", "632"
XMLHTTP.setRequestHeader "Upgrade-Insecure-Requests", "1"
XMLHTTP.Send strAuthenticate
  While XMLHTTP.ReadyState <> 4
  Sleep 1000
  Wend

 strHeaders = XMLHTTP.getAllResponseHeaders()
Debug.Print strHeaders

Where strAuthenticate looks like

strAuthenticate = "__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTczMDIxMzI4NQ8WAh4OSXNTeXN0ZW1JblRlc3RoFgICAw9kFgQCBQ8PFgIeCEltYWdlVXJsBRp%2BXEltYWdlc1xWZWxvY2l0eV9sb2dvLmpwZ2RkAg0PZBYCAgMPDxYCHgRUZXh0BTUmY29weTsgV2F0ZXJTdHJlZXQgQ29tcGFueSAyMDE5LiBBbGwgcmlnaHRzIHJlc2VydmVkLmRkZAORdupkttjyAbR%2FQlVf%2Bp3NAh5%2F&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEdAAX2Ij4yfCg8Y30E3S3Eqyyc8VklVdzG4s%2FiHDNMch2m9g6cbZuZV%2FeBRVrjmM1xbCNwqSoE6vOBYOvmhKXLU5mU%2B5y5Vq4V5va3AqJ7ynUhz4Fpi%2F%2Br%2BnbGylFevanXta3FVMki&HiddenFieldWindowId=&AquantLogin%24UserName=MYUSERNAMEHERE&AquantLogin%24Password=MYPASSWORDHERE&AquantLogin%24LoginButton=Log In"

I've taken this from Firefox LiveHeaders & Fiddler although the two programs show a slightly different version, but I've tried both. UserName & passwords I know are correct. I login perfectly on the website thru IE. How can I tell or get an authentication response code & know If I'm logged in or not? It might be that I need to pull the cookies from the subsequent page (although I don't think so).

Here's my response header: STATUSCODE:200 OK Cache-Control: private Date: Mon, 11 Feb 2019 20:31:23 GMT Content-Length: 141406 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-UA-Compatible: IE=Edge,chrome=1

Thank you in advance.

Jim Carney
  • 87
  • 2
  • 10
  • 1
    Try to log in on the website in IE and use MSXML2.XMLHTTP in your code. It uses IE cookies. – omegastripes Feb 11 '19 at 20:55
  • Omegastripes, thank you for the response. Can you tell me a bit more specifically how to implement MSXML2.XMLHTTP in your suggestion. I don't think I need a lot but xml is definitely not my thing. I can write the IE navigation and login & get into the website. I usually use Dim HTMLDoc As MSHTML.HTMLDocument and then can use HTMLDoc.getElementBy's to navigate around. I've use document.cookie before but that wont pull the httponly cookies I need. Once I'm in, what do I write? Thank you! – Jim Carney Feb 11 '19 at 21:22
  • Omegastripe, I'd still be interested to know how to implement your suggestion as I'd like to learn, but as an update: From one of your previous posts you had shown me about a site being redirected by reading the header.Looking at this one, it too is being redirected. So I switched to winhttp & turned off re-directions & success! So I am in as they say & I retrieved the two cookies I need for download to work. So thank you for your help! – Jim Carney Feb 13 '19 at 00:05
  • `Msxml2.ServerXMLHTTP` actually built on `WinHttpRequest`. Read more about [ServerXMLHTTP](https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ms762278(v=vs.85)), and [WinINet vs. WinHTTP](https://learn.microsoft.com/en-gb/windows/desktop/WinInet/wininet-vs-winhttp). I would inspect all XHRs made by the webpage using a browser Devtools Network tab. There might be some redirections that can be handled with `WinHttp.WinHttpRequest.5.1` only, so that you be able to extract the necessary cookies. Also [check this](https://stackoverflow.com/a/49102412/2165759). – omegastripes Feb 13 '19 at 00:23

0 Answers0