HttpWebRequest and forms authentication in C#

Question

I am a systems guy and currently doing a part time web development project so am pretty new to it. I am trying to write a http client for www.portapower.com.

It will for certain items which are posted on the website and if they match a particular requirement it will print a message.

While trying to access this page:

http://www.portapower.com/getbainfo.php?fclasscode=1&code=CB1831B.40H&fbrand=QUNFUg==

The website redirects me to a default register page:

http://www.portapower.com/defaregit.php

Here is a snippet of what I coded:

CookieContainer myContainer = new CookieContainer();

HttpWebRequest request = (HttpWebRequest)
WebRequest.Create("http://www.portapower.com/" + urlpart);
request.Credentials = new NetworkCredential("****", "******");
request.CookieContainer = myContainer;
request.PreAuthenticate = true;
request.Method = "POST";
HttpWebResponse response = (HttpWebResponse)
request.GetResponse();

Console.WriteLine(response.StatusCode);
Stream resStream = response.GetResponseStream();
Console.WriteLine(resStream.ToString());

I do have the username and password and it works fine when used from a browser. Please tell me if this a correct way to access a authenticated page.

Answer 1

It depends on how the website is authenticating users. If they are using basic authentication or Windows authentication, then you can set the Credentials property of the HttpWebRequest class to the username/password/domain information and it should work.

However, it sounds like you have to enter the username/password on the site, which means you are going to have to login to the site first. Looking at the main page, this is what I find in the <form> element that handles login:

<form name="formlogin" method="post" action="./defalogin.php" >
  <input name="emtext" type="text" id="emtext" size="12">
  <input name="pstext" type="password" id="pstext" size="12">
  <input type="submit" name="Submit" value="Logn in" 
    onClick="return logincheck()" >
</form>

I've included only the relevant portions.

Given this, you have to go to the ./defalogin.php page first with the HttpWebRequest and POST the emtext and pstext values. Also, make sure you set the CookieContainer property to an instance of CookieContainer. When that call to POST returns, it's more than likely going to be populated with a cookie which you will have to send back to the site. Just keep setting the CookieContainer property on any subsequent HttpWebRequest instances to that CookieContainer to make sure the cookies are passed around.

Then you would go to the page indicated in the link.

Of concern is also the logincheck javascript function, but looking at the script sources, it does nothing of note.