views:

221

answers:

1

I would like to know if the following is possible:

As part of the PageLoad of an ASP.Net page request:

  • Use HttpWebRequest (POST) to make a request to a forms authentication webpage of a different web application
  • Examine the response to see if the authentication succeeded (identifiable if an authentication cookie has been set)
  • If it fails, then finish the ASP.Net page request, which will display a message saying "couldn't auto-login" or some such thing
  • If success, then instead of completing the ASP.Net page lifecycle, use "Response.Write" to send the response from the HttpWebRequest back to the browser (thus essentially displaying the webpage from the HttpWebRequest)

If the above is possible, then, is there also a way to transfer the authentication cookie from the HttpWebResponse to the requesting browser? My gut feeling is probably not - but if this is the case, then how do proxy servers handle such things? Is that not essentially what they are doing?

Thanks for any help

+1  A: 

You can add a CookieContainer to the HttpWebRequest. It will store any cookies received from the response and if you attach the same cookie container to the next request, it will send those cookies back up to the server.

You can access the contents of this CookieContainer object and send those back to your client using Response.Cookies.

Josh Einstein
Thanks Josh. The CookieContainer info was useful.
James