Iggy Evans wrote:
> Hi,
>
> My app is trying to login to an ASP.NET site that uses Forms
> authentication. I am trying to do in my app (what was previously
> posted in a newsgroup) the same that a browser does: 3) The browser
> requests the login page specified. 4) The server responds with the
> login page 5) The user fills in the login page and submits the form,
> so the browser POSTs the form back to the login page 6) If the
> credentials are valid, the server responds with another "302 Page
> Moved" status, a Location header pointing to protected.aspx, and a
> Set-Cookie header providing the encrypted Forms Authentication
> Ticket.
>
> I build a Post request to login.aspx and use HttpWebRequest to send
> it. I use HttpWebResponse to get the response.
>
> I have sent the proper login & password & VIEWSTATE info and all that
> stuff. In a sniffer trace, the response is a "HTTP/1.1 302 Found"
> with 3 Set-Cookie Headers. The web site redirects me to default.aspx;
> the trace shows my side (IIS?) sending a GET request for
> default.aspx, and that's what my app gets in my HttpWebResponse
> object. The problem is that I don't get logged in because this
> automatic GET request (below my app somewhere) doesn't get the
> cookies from the "302 Found" response and send it with the request; I
> know this because I run the trace and do the same steps from a
> browser, and in that session, the cookies get passed properly in the
> 'GET default.aspx' request.
The most simple explanation is that you didn't set a CookiContainer in your
HttpWebRequest. If you don't, the framework won't process cookies and
they're all lost.
Cheers,
--
Joerg Jooss
Similar Threads
