Help...Replicating IE HTTP protocol to communicate with ASP.NET

  • Thread starter Thread starter Tim Smith
  • Start date Start date
T

Tim Smith

Hi,

We have an ASP.NET web application which is suffering performance
problems. Since setting up robot scripting interacting with the
browser would take a while I hoped I could open a two-way socket with
IIS and replicate the HTTP session information e.g. starting out with

POST /192.168.1.1/login.aspx HTTP/1.1\r\n
Accept-Language: en-us\r\n
ontent-Type: application/x-www-form-urlencoded\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET
CLR 1.0.3705)\r\n
Host: 192.168.1.1\r\n
ontent-Length: 68\r\n
Connection: Keep-Alive\r\n
Cache-Control: no-cache\r\n
Cookie: ASPSESSIONIDAAATDTQR=OGEFBLJCPEPCNFHMJGPHBCDJ;
ASP.NET_SessionId=ko3ozjqyqb1lbu454cxrf3ft;\r\n
\r\n__EVENTTARGET=&__EVENTARGUMENT=&usersid=abcde&passwd=12345&test=Login


When I network sniff IE I see the ASPSESSIONIDAAADTQR, without it I
get a security timeout from the server. I could probably comment out
that code but can I generate than value from somewhere?? Do I need
more than the SessionId to make this work. Is this all even possible?
 
Make an initial request to the server, no cookie, to an unsecured page
then the response should contain a Set-Cookie: header that will tell you
what to use.

ASPSESSIONID<STUFF> is for ASP not ASP.NET session management
the <STUFF> bit changes every time the server/site process restarts
 
if you do the first GET, asp.net will send the cookie values need for the
rest of the session. to do postback (POST) you will need to send the hidden
__Viewstate field that came from the matching GET.

-- bruce (sqlwork.com)
 
Ok, I do an intial request with no cookie info, I get back
Set-Cookie: ASP.NET_SessionId=5zaasakdhaksfg34; path=/

So on my next request, which is a POST of the login username and
password I include the session id variable. The login succeeds and
rerturns more cookies:

Set-Cookie:MyAppp=YF3H0HFFFFKOJF034J439FJ09
Set-Cookie:MyAppp=KSAJDDD7AS6D7A6D7ASTDASTD

So on my next GET request I include
Cookie: ASP.NET-SessionId=5zaasakdhaksfg34;
MyAppp=KSAJDDD7AS6D7A6D7ASTDASTD

The MyAppp seems to come from web.config - possibly related to forms
based authentication?

This is as far as I get - further requests for pages (mimicking my
browser) using the returned ids gives me errors:
HTTP/1.1 403 Forbidden

What could I be missing - what are the 403 errors specific to - lack
of authentication?
 
When I use a network sniffer on IE - I do see a couple of fields that
are passed back, but they are empty? Is this passed as
application/x-www-form-urlencoded data? If the web page passes no
extra HTML or HTTP information - what else could be needed? I seem to
matching IE communication with my socket code.
 
Back
Top