[sk8ermeb]

Hello,
I am trying to write a program that opens a website that requires a user name and password to use. I have read many post here, on google and on MSDN and it always times out. this web server is a black box that I can't change or have access to. When I open the page with a web bowser a basic login screen pops up for user name and password so I am assuming that the following code should work but I am new to http code. I have tried the following 2 ways but it always times out. Thank you in advance,

StringBuilder sb = new StringBuilder();
String url = "<my url>";
String userName = "user";
String password = "pass";

byte[] buf = new byte[8192];

HttpWebRequest request = (HttpWebRequest) WebRequest.Creat(url);
request.Method = "POST";

NetworkCredential NC = new NetworkCredential(userName, password);
request.Credentials = NC;

//This is where the code times out.
HttpWebResponce responce = (HttpWebResponse) request.GetResponce(); 
Stream resStream = response.GetResponseStream();

//Then some stream print code to display raw data to console

And for the second way that I do not understand at all:

StringBuilder sb = new StringBuilder();
String url = "<my url>";
String userName = "user";
String password = "pass";

//I dont really understand how a formated string is used
String postData = string.Format("session[username]={0}&session[password]={1}", userName, password);

byte[] buf = new byte[8192];

HttpWebRequest request = (HttpWebRequest) WebRequest.Creat(url);
request.Method = "POST";
//This code makes no sense...MSDN said the options for
//contenttype are "get" or "set" but I have seen this in several 
//examples
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = postData.Length;

StreamWriter requestWriter = new StreamWriter(request.getRequestStream());
requestWriter.Write(postData);

//This is where the code times out.
HttpWebResponce responce = (HttpWebResponse) request.GetResponce(); 
Stream resStream = response.GetResponseStream();

//Then some stream print code to display raw data to console

I am not sure how the second one is supposed to know what field to write the username and password unless it is contained in the string format, but then how do I figure out exactly how those fields are labeled on the website? anyways thank you again for any help

[eclipsed4utoo]

I wrote a tutorial on doing just this...

http://www.dreaminco...ogrammatically/

Try it out and see if that helps with your problem.

[tlhIn`toq]

I can't help with the web request but I can tell you about string.format

//I dont really understand how a formated string is used String postData = string.Format("session ={0}&session ={1}", userName, password);

{0} and (1} are place holders. When string.format is evaluated the first value after the quoted string is inserted where the {0} is. The second value is inserted at the {1}

"session ={0}&session ={1}", userName, password

is a lot more readable than

"session =" + username + "&session =" + password



string.format has a lot of other features you're not using here like for formatting numbers as currency
string.format( "{0:c}", 1.5)
would produce $1.50 in the USA or 1,50 in a European country where a coma is used where we use a period. The format knows to use the globalization/localization features of .NET automatically.

[sk8ermeb]

eclipsed4utoo, on 13 July 2010 - 07:28 AM, said:

I wrote a tutorial on doing just this...

http://www.dreaminco...ogrammatically/

Try it out and see if that helps with your problem.

Ok so I have gone through the tutorial... When I type in the URL before the web page loads I receive a popup asking for the user name and password. Of course the tamper program asks me if I want to tamper before it will actually let this happen. when I do there is nothing on the right hand side, no posts. Then it lets the popup happen, I enter in the username and password...again before loading the web page it asks if I want to tamper. No posts still. on the left hand side there is an "Authorization" header and the value is some long code that is the same every time I load the page. Can I use this potentially? or is there anything else I should look for?

[eclipsed4utoo]

sk8ermeb, on 13 July 2010 - 01:58 PM, said:

eclipsed4utoo, on 13 July 2010 - 07:28 AM, said:

I wrote a tutorial on doing just this...

http://www.dreaminco...ogrammatically/

Try it out and see if that helps with your problem.

Ok so I have gone through the tutorial... When I type in the URL before the web page loads I receive a popup asking for the user name and password. Of course the tamper program asks me if I want to tamper before it will actually let this happen. when I do there is nothing on the right hand side, no posts. Then it lets the popup happen, I enter in the username and password...again before loading the web page it asks if I want to tamper. No posts still. on the left hand side there is an "Authorization" header and the value is some long code that is the same every time I load the page. Can I use this potentially? or is there anything else I should look for?

can you post a link to the site(assuming it's publically available)?

[Imdsm]

//I dont really understand how a formated string is used
String postData = string.Format("session[username]={0}&session[password]={1}", userName, password);

Why are you trying to pass it session variables?

If you're sending it via POST then why not try this and tell us if it works:

//I promise I will read a tutorial on string.Format
String postData = string.Format("username={0}&password={1}", userName, password);

[eclipsed4utoo]

Imdsm, on 13 July 2010 - 02:42 PM, said:

//I dont really understand how a formated string is used
String postData = string.Format("session[username]={0}&session[password]={1}", userName, password);

Why are you trying to pass it session variables?

If you're sending it via POST then why not try this and tell us if it works:

//I promise I will read a tutorial on string.Format
String postData = string.Format("username={0}&password={1}", userName, password);

personally, I don't think he is trying to post session variables. "session[username]" could actually be one of the post parameters. Twitter uses "session[username_or_email]" and "session[password]".

This post has been edited by eclipsed4utoo: 13 July 2010 - 12:04 PM

[sk8ermeb]

eclipsed4utoo, on 13 July 2010 - 10:09 AM, said:

can you post a link to the site(assuming it's publically available)?

Unfortunatly it is not publically available I dont even have access to the html code since its literally hardcoded into firmware!!

Quote

personally, I don't think he is trying to post session variables. "session[username]" could actually be one of the post parameters. Twitter uses "session[username_or_email]" and "session[password]".

And I may not actually be trying to "post" something since the tamper program never reported anything on he post side.

The information on from tamper said:
status: 401, method : get, content tpye: "text/html"
for the info before the login request
and the following before the web page loaded but after I entered the login info:
status:302 method: get content type: "application /x -unknown-content-type"

Is there anywhere I can learn more about this sort of thing that is not MSDN?

I think that the authentication code I recieve on the second entry(after I enter login info) may be what I need, I am just not sure how to use it.

[Frinavale]

sk8ermeb, on 13 July 2010 - 06:46 PM, said:

Unfortunatly it is not publically available I dont even have access to the html code since its literally hardcoded into firmware!!

If you can connect to the device and a web page is displayed in your web browser then you have access to the HTML code.
You don't have access to the software that generates the HTML code but you do have access to the HTML code that the software produces....the browser downloads it.

Right click somewhere within the browser (preferably not on an image...) and click "view source".
That is the HTML for the page.
That is what is being downloaded HttpWebRequest object.


-Frinny

This post has been edited by Frinavale: 13 July 2010 - 01:46 PM

[sk8ermeb]

Frinavale, on 13 July 2010 - 12:46 PM, said:

sk8ermeb, on 13 July 2010 - 06:46 PM, said:

Unfortunatly it is not publically available I dont even have access to the html code since its literally hardcoded into firmware!!

If you can connect to the device and a web page is displayed in your web browser then you have access to the HTML code.
You don't have access to the software that generates the HTML code but you do have access to the HTML code that the software produces....the browser downloads it.

Right click somewhere within the browser (preferably not on an image...) and click "view source".
That is the HTML for the page.
That is what is being downloaded HttpWebRequest object.


-Frinny

Yes thank you! after doing this and then consulting co-workers, they have concluded that it is a HTTP "Basic Authentication Scheme" on a "GET" request not a "POST" and in the code we were able to find the field name for the user and password. Can someone point me in a direction on code to implement this? I tried using
System.Net.NetworkCredential
as shown in my first post with a get request with the user name and password and instead of timing out I receive the good old 401 un-authorized.

[sk8ermeb]

I figured it out!!! you need to cache it first to specify your authentication scheme...and this made it work perfectly

StringBuilder sb = new StringBuilder();
String url = "<my url>";
String userName = "user";
String password = "pass";

byte[] buf = new byte[8192];

HttpWebRequest request = (HttpWebRequest) WebRequest.Creat(url);
//This may be "GET" or "POST" depending
request.Method = "GET";

NetworkCredential NC = new NetworkCredential(userName, password);
//This is what I didn't know You  need to 
//cache it in order to specify your authentication scheme!!!!!!!!
CredentialCache myCache = new CredentialCache();
myCache.add(new Uri(url), "Basic", NC);


request.Credentials = myCache;


HttpWebResponce responce = (HttpWebResponse) request.GetResponce(); 
Stream resStream = response.GetResponseStream();

//Then some stream print code to display raw data to console