Accessing and displaying SSL web pages and cookies from a windows form

[Justin Engelman]

Hi,
I have a website that uses an ISAPI filter that will redirect anyone going
to any page on the site to an SSL login page (on a different website with
the same root domain) if they do not have the appropriate session cookie
already. After logging in on that page successfully they are given the
cookie and redirected back to the page they initially tried to go to.

I would like to create a Windows application that gets data from that
website and utilizes that SSL login form and the session cookie generated by
it. Then as the user is using the application it will make calls to the
website to get needed information, which will cause the ISAPI filter to see
that the user has that cookie.

I don't have control over the user logins or passwords or the ISAPI filter
code or SSL login page.

My question is, is it possible to display the login webpage from my
application when the application is first loaded, then to capture the cookie
after the user logs in and the data generated by the page they are
redirected back to after login. If it is, how would I go about doing that?
Also, how would my application "remember" the user's cookie so that
subsequent calls to my website to get data can authenticate the user from
the data in the cookie and also not redirect to the login page.

Thank you for any help you can give me,
Justin

 

[Cor]

Hi Justin,

A more ASPNET question I have seldom seen.
(If you have the logical solution, than maybe we can help you with VB.net).

I think you can ask this question better in this newsgroup.

Aspnet
<
Web interface:

<http://communities2.microsoft.com/communities/newsgroups/en-us/?dg=microsof
t.public.dotnet.framework.aspnet>


I hope this helps a little bit?

Cor

 

[Justin Engelman]

Hmmm, ok, perhaps I didn't explain it well enough...
I am actually creating a client/server application. The server is a
webserver running IIS and is set up already, my question is about creating
the Windows Form client (compiled to an exe) that will run on users'
machines. It needs to be able to talk to the webserver through http calls
or LoadXML calls to urls on the website in order to get data or post data to
the server. Normally I would do this through XMLDocument.LoadXML calls,
passing the url of the page I want to load (since I can set my pages up to
return XML). My problem is that any call to any page on that web site is
first redirected to a SSL login page, if a particular cookie is not present,
by an ISAPI filter installed in IIS for that site. So if I try to
programmatically get data from the website to load into a listbox control on
my Windows form the call will get redirected to the login page because the
cookie is not present instead of getting the data.

So I think what I need is the Windows Application upon load to essentially
look/act just like Internet Explorer by being able to navigate to the
website SSL login page and display that page to the user just as it would be
displayed in Internet Explorer and once the user logs in to capture and be
able to persist the cookie that the login page creates for future
programmatic calls to that website.

I also need to be able to tell in my Windows application that the user
successfully logged in by reading the cookie that is generated or the page
that the login page redirects back to.

example of my problem:
if I try making a call like
myXmlDom.LoadXML("http://whateversite.com/someData.xml"), instead of loading
someData.xml, it will get redirected to the login page and try to load that
into myXmlDom and fail because that is not properly formatted XML (and even
if it were, it would not be the data I wanted).

Am I making sense? Does this still sound like something that should be
posted in the ASP.NET group instead of here?

Thank You,
Justin

 

[Cor]

Ok Justin,

More clear but now you have to find a lot yourself, I only can give you the
tools I think you can have a look for.

The axwebbrowser to get your page and to get information from that.
microsoft webbrowser you have to set a reference for that

Getting informatation from that
mshtml you have to set a reference for that
(and not use an import because it has to many interfaces and it freezes your
IDE)

For the cookies
Httprequest

But how to do it, I would not know and I think that your question is very
special.

Cor

 

[Tony Archer]

Actually, Justin. I understand EXACTLY what you're talking about. Why?
Because I'm trying to do the EXACT same thing.

Below is a bit of code I'm using to pull the page (however the cookies are
still a problem...looking for a solution still)

Imports SystemImports System.IO

Imports System.Net

Imports System.Threading

Imports System.Text.RegularExpressions

Imports System.Text.Encoding

Imports System.Security.Cryptography.X509Certificates

 

[Tony Archer]

Ooops, accidentally submitted a half - post... anyhow. Trying to do the
EXACT same thing here, Justin.

Everything works (SSL included) *except* for the cookies. trying to figure
that one out still.

Here is the code:


Imports System
Imports System.IO
Imports System.Net
Imports System.Threading
Imports System.Text.RegularExpressions
Imports System.Text.Encoding
Imports System.Security.Cryptography.X509Certificates

Public Class TrustAllCertificatePolicy
Implements System.Net.ICertificatePolicy
Public Function CheckValidationResult(ByVal srvPoint As
System.Net.ServicePoint, ByVal certificate As
System.Security.Cryptography.X509Certificates.X509Certificate, ByVal request
As System.Net.WebRequest, ByVal certificateProblem As Integer) _
As Boolean Implements
System.Net.ICertificatePolicy.CheckValidationResult
Return True
End Function
End Class


Private Sub cmdGet_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles cmdGet.Click
'Create(a) 'WebRequest' object with the specified url
System.Net.ServicePointManager.CertificatePolicy = New
TrustAllCertificatePolicy

Dim myWebRequest As WebRequest
'myWebRequest.Credentials = myCert.TrustAllCertificatePolicy
myWebRequest =
WebRequest.Create("https://sentri.us.nortel.com:8443/SENTRI/home.jsp")

' Send the 'WebRequest' and wait for response.
Dim myWebResponse As WebResponse
myWebResponse = myWebRequest.GetResponse()
' Call method 'GetResponseStream' to obtain stream associated with
the response object
Dim ReceiveStream As Stream
ReceiveStream = myWebResponse.GetResponseStream()

Dim encode As System.Text.Encoding
encode = GetEncoding("utf-8")

' Pipe the stream to a higher level stream reader with the required
encoding format.
Dim readStream As New StreamReader(ReceiveStream, encode)
'txtLog.Text = (ControlChars.CrLf + "Response stream received")
Dim read(1024) As [Char]

' Read 256 charcters at a time .
Dim count As Integer = readStream.Read(read, 0, 1024)
txtLog.Text = ""
'While count > 0
While readStream.Peek >= 0

' Dump the 256 characters on a string and display the string
onto the console.
Dim str As New [String](read, 0, count)
txtLog.Text = txtLog.Text & (str)
count = readStream.Read(read, 0, 1024)

End While
Dim str2 As New [String](read, 0, count)
txtLog.Text = txtLog.Text & (str2)
count = readStream.Read(read, 0, 1024)
'Console.WriteLine("")

' Release the resources of stream object.
readStream.Close()

' Release the resources of response object.
myWebResponse.Close()

End Sub