+1  A: 

What's wrong with using the FormsAuthentication class? In particular, have you tried the following sequence (or a variation of it):

FormsAuthentication.Authenticate();

FormsAuthentication.SetAuthCookie();

FormsAuthentication.RedirectFromLoginPage();

Franci Penov  2009-09-17 01:12:13
Becuase the remote site is not an ASP.NET application
arri.me  2009-09-17 02:57:39
A: 

Use Firebug on Mozilla Firefox to see what exactly the browser does when logging into the webapp. Then simulate the same sequence through code.

Or, you can use wireshark to sniff the requests sent by the browser.

One thing I can see from your code, is that you are adding the cookie explicitly. You shouldnt be doing this. You should set a CookieContainer on the request, so that the cookies get sent with all the requests to that site.

hope that helps.

feroze  2009-09-17 01:29:05
Ok, on reading your question again, I think I did not fully understand it. What you are trying to do, is use a man-in-the-middle, which does the FBA auth to the back end ASP application, and then passes on that cookie to the client. In doing so, it sets the domain and the path appropriately.I would suggest you do a network sniff, between your asp.net app and the remote ASP app, as well as from a browser going directly to the asp app. And see what is the difference in the cookies/urls etc
feroze  2009-09-17 16:44:28
Is it possible that the ASP server is encoding the hostname of the client (in this case the asp.net app) in the cookie, so it rejects the request when it comes from the client.
feroze  2009-09-17 16:45:21
That's exactly what I'm trying to do. I have analyzed the traffic with fiddler2, the only thing missing was the P3P header, but it doesn't seem to attach the cookie on to the redirect request. The ASP application is third party, so I have no idea how it creates the session id.The reason I'm looking into this is I'm writing a reverse proxy and I'm unable to get a specific Java Applet to run, so I'd like to launch a direct connection for the user without them having to authenticate.
arri.me  2009-09-17 22:33:37
Did you get a network sniff from the browser -> proxy, as well as from proxy -> asp.net server?Are you sure the cookie is being sent from proxy -> ASP app?Do you have any control over the ASP server? Is it possible to find out why the server does not like the cookie you sent?
feroze  2009-09-19 03:01:46
Ok, on reading your code again, I think there is a bug in the way you are doing things.Assume that your aspnet server is at address 1.2.3.4. From here, you are trying to do an FBA to 1.1.1.1. You are taking the cookie sent by the backend, and sending it onward to theh browser.When the browser gets the cookie, the domain will be 1.1.1.1, however the browser was talking to server 1.2.3.4 (middle-man). So, the browser will not accept that cookie. If it did so, then it would be possible to pollute anybody's cookie cache.
feroze  2009-09-20 16:01:42
Ok, that makes sense. My other option was to try a javascript XMLHttpRequest to the remote site, but I'm limited by the cross-domain restrictions in each browser...
arri.me  2009-09-23 17:39:05
A: 

i believe you have to do a request to an authenticated page on the remote web app.

you'll have to grab the cookie it gives you so you have a valid session. aspnet session id is passed in the cookie. Then you will need to pass the username and password required for that app along with the cookie you received so you will have a valid authenticated session.

trying to do it now so if i work it out i'll post the code.

brett  2009-12-03 04:58:21

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?