tags:

views:

29

answers:

1
Q: 

Problem authenticating by doing a POST to an HTTPS page.

This relates to my other question on accessing a REST service that uses forms authentication, but I feel it is substantially enough a discrete issue.

When I paste a REST call into my browser address bar, before I am authenticated, I am redirected to a login page on the services web site. I log in and receive a cookie, which authenticates subsequent REST calls or user oriented page requests.

When I recreate the login screen locally and perform the same HTTPS POST that the online login screen performs, I get the error 422 - Unprocessable Entity. I have compared my POST request and that from their login screen, and there are precisely two headers that differ, being "Referer" and "Cookie". Even when I set these headers in my request to the same as in their request, I still get the same error.

+1  A: 

Any REST call you are typing into your address bar is an HTTP GET (or HTTPS GET) not POST -

maybe this is the problem?

just change

<form method="POST">

to

<form method="GET">
Jiaaro  2009-10-20 18:45:45
No, the call I type in is a get, it redirects to the login page which does a post - I don't type the login post it, I post it from a replica of their login form.
ProfK  2009-10-20 19:06:06
hmm... does their documentation suggest that you do that? I would think allowing remote sites to POST to your login form could be a security problem.They're probably requiring a session cookie to stop people from doing exactly that
Jiaaro  2009-10-21 12:47:07

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?