views:

123

answers:

1

Hi,

I'm not sure if I'll be clear enough in my explaination to make you guys understand, but I'll try.

Here's my problem:

We have an external site which the users in our company connect to by giving their corresponding username and password. The external site is an ASP.NET website. We want to integrate this website into our intranet portal so that the users don't have to enter their UN/Pwd to login to the website. Since the target website has no provision for SSO, we are simulating the POST request to login.

So far so good.

We are now required to perform an action after the initial login is done, on an another page. We can simulate the corresponding POST request as well. But the problem is since we are not maintaining any session information in our initial POST request, it always redirects to the login screen!

Is there any way to maintain ASP.NET session information between multiple calls done programmatically? Can we create an ASP.NET session id cookie programmatically and then pass it along with our initial request?

Or this is not possible at all?

Any comments are appreciated.

Thanks for your help.

Regards.

A: 

Maintaining the state is the responsibility of the other site (typically in a cookie).

You should perform the actions manually, then use Fiddler to compare the HTTP requests and figure out what's wrong.

SLaks
After I Post the login request programmatically, I don't see any cookies returned in the response.Since its HttpWebRequest, shouldn't the target site create the ASP.NET_SessionId cookie and return it in the response? Or Am I missing something?
Santhosh
Are you POSTing on the client or the server? Do you see the cookie in Fiddler?
SLaks
I'm creating a HttpWebRequest internally and then posting it to the server. Fiddler does not catch it, since this is not through a browser..But when I check the response back from the server, I see no cookies being returned at all..
Santhosh
Run Fiddler on the server and see what the other site returns. Are you using a `CookieContainer`?
SLaks
Yes. I think I know what the problem is, but not sure of the solution.. I'm using the HttpWebRequest and HttpWebResponse which is used to represent an "outgoing" request and "incoming" response. These two classes use the System.Net.Cookie to represent cookies, where as the ASP.NET_SessionId is an HttpCookie present in the System.Web class. Now I'm not sure how to "maintain" the session I've established through the initial POST request! Any thoughts?
Santhosh
The classes in `System.Web` are used by the web server to send cookies to your client (the end-user's web browser). The classes in `System.Net` are used by `HttpWebRequest` to _receive_ cookies in your code from the remote server (and to send them back). You need to maintain a `CookieContainer` in session state to hold the auth cookie from the remote site. (This cookie will not be sent to the client's browser, and will only be used by your `HttpWebRequest`s)
SLaks
I'm maintaining the CookieContainer (which is empty) in my HttpWebRequest, but when I get the response, the CookieContainer is still empty. I don't see any auth cookie sent from the server. The cookie count in the response is "0".Not sure what I'm doing wrong, but this is driving me crazy!Somehow if I can get hold of the session id established on the remote server, I'll be all set. But that's not happening!Thanks for all your help!
Santhosh
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);req.Method = "POST";req.ContentType = "application/x-www-form-urlencoded";req.ContentLength = buffer.Length;req.Proxy = new WebProxy(proxy, true); // ignore for local addressesreq.CookieContainer = new CookieContainer(); Stream reqst = req.GetRequestStream(); // add form data to requestreqst.Write(buffer, 0, buffer.Length);reqst.Flush();reqst.Close();HttpWebResponse res = (HttpWebResponse)req.GetResponse();// res.Cookies.Count is zero here..
Santhosh
Then your login request isn't working. You _need_ to run Fiddler and find out what's wrong. However, the first thing to try is adding a `User-Agent` header.
SLaks
It worked!!Thanks SLaks for your help..The info I was looking for (The ASP.NET_SessionId) was present in the "Headers" section of the "req"(HttpWebRequest) element as a "Cookie" after the "req.GetRequestStream();" was run.I now have access to the SessionId which I can make use to maintain this session..Thanks again for your help!
Santhosh