1

Using C# and ASP.NET I want to programmatically fill in values for a web form and then 'POST' those values.

I've seen examples of others using webclient and other classes in posts such as:

How do you programmatically fill in a form and 'POST' a web page?

I am looking to carry out similar functionality - where I automatically post data to a form. In my case I am looking to submit data to simulate a login. I have a couple of questions:

1) Using the Post code in this thread, how can you determine if the Post was a success? We cant really presume a 200 response is a success. It wouldn't necessarily be correct to presume a 302 redirect signifies success either. Is there any sure fire way to determine we are logged on successfully after the post?

2) Do some sites block requests that do not originate from their own domain?

Community
  • 1
  • 1
Rob
  • 6,819
  • 17
  • 71
  • 131
  • If you know the form fields, then you don't need fill the form. Just make the post request with the values. Unless the site use anti forgery token, then in this case you'd have to know the token and the session cookie. – Ortiga Dec 01 '14 at 16:34
  • 1
    You should presume 200 OK means what it says. Yes some sites block requests that do not originate from their own domain. Login sequences are often written specifically so that they prevent what you are trying to do, i.e. a bot attack on a login. They may well include two-and-a-half factor authentication, randomly generated passphrases and glyph recognition, so there is no general purpose solution to your problem. You should do this only on a system you know, and in which case Fiddler will show you what the Http sequence is. – PhillipH Dec 01 '14 at 16:36
  • Not sure if you can presume a 200 is ok as you could get a 200 response (all is ok) but in the html have a logon failed message. But it does sound like theres no one solution fits all from the comments. Thanks guys! – Rob Dec 01 '14 at 16:40

1 Answers1

2

yes some sites block request. but you can check the login with auth cookie. Use HttpWebRequest/HttpWebResponse 

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri(url));

byte[] data = Encoding.Default.GetBytes("item1=11111&item2=22222&Item3=33333");
request.Method = "POST";
request.ContentLength = data.Length;

Stream sout = request.GetRequestStream();
sout.Write(data, 0, data.Length);
sout.Flush();
sout.Close();

request.CookieContainer = new CookieContainer();
HttpWebResponse response = (HttpWebResponse) request.GetResponse();

now check response.Cookies for auth cookie

maruthu chandrasekaran
  • 168
  • 6
  • is the auth cookie not something specific to each site? So you'd need to know this upfront. If I was to use this approach, is there a way to pass the cookie (this will run in the server side code) from my request to the client browser? Passing it on really. – Rob Dec 01 '14 at 16:47
  • 1
    authentication cookies are the most common method used by web servers to know whether the user is logged in or not. yes you can pass cookies `var cookieContainer = new CookieContainer(); Uri target = new Uri("http://www.google.com/"); cookieContainer.Add(new Cookie(name,value) { Domain = target.Host }); request.CookieContainer =cookieContainer;` – maruthu chandrasekaran Dec 01 '14 at 17:00