VBA and WinHttp: how to submit to a page that may redirect to a login page

Question

I am using a macro in outlook VBA to submit a file via POST to a URL:

Set http = New WinHttp.WinHttpRequest
http.Open "POST", UrlToPostTo, False    'True                                          '
http.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
http.setRequestHeader "Content-Type", "multipart/form-data; "
http.Send data

My problem is the page that will accept the request (a file upload page, in this case) is protected by authentication - the initial request for it above will return a login page instead of the page itself.

I have tried to detect if the login page appears and if so, post the username and password as form variables (I'm hoping this is equivalent to a human typing said username and password into a page in the web browser).

So the steps are:
* request URL (include file with post).
* Check if the reponse is the login page.
* If so, then in the same http session, submit the username and password to the URL.
* If the server now processes the original post, good, otherwise I can post it again.

The code looks like:

' if the login page comes back, send credentials                                     '
If (InStr(http.ResponseText, "j_password") > 0) Then

    Dim loginData As String
    loginData = "j_username=theusername&j_password=thepassword"

    http.Open "POST", UrlToPostTo, False
    http.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
    http.setRequestHeader "Content-Type", "multipart/form-data; "
    http.Send loginData
End If

But when I do this, The http.Responsetext is just the login page still (or again?).

Any idea what I'm doing wrong? Is my plan even valid?

(This is related to trying to solve this problem )

Answer 1

Is the logon page at the same URL as the page you originally submitted to? I don't see any code that changes urlToPostTo

After your first send, you might want to look at the Status property of your request. See the RFC for what each status code means. It could also help to use the GetAllResponseHeaders method to work out exactly what's going on. See MSDN for more on that

Answer 2

It might be possible for you to store the username and password in cookies which would allow you to access your page directly.

    Dim doc As WinHttp.WinHttpRequest
    Set doc = New WinHttpRequest

    doc.Open "POST", url, False

    doc.SetRequestHeader "Cookie", "UserID=" & username
    doc.SetRequestHeader "Cookie", "Password=" & password

You need to confirm the variable names on your server. You can use a tool like ieHTTPHeaders to inspect the headers when you access the page from the browser to see what you need to do.