1

I am trying to pull data from a login so I would be able to verify that the login succeeds.

How do I use the HttpWebRequest to pull the content of the page so I could use it to verify the login is good.

Since every login return status code 200 if the login is correct and incorrect it makes it harder to verify success login.

private int[] LoginCheck(string TargetWebApp)
        {
            int[] result = new int[2];
            var watch = System.Diagnostics.Stopwatch.StartNew();
            try
            {


                string formUrl = "https://someweb/user/login/default";
                string formParams = string.Format("email={0}&password={1}&submit=Login", "someuser@somedomain.com", "somepassword");
                string cookieHeader;
                HttpWebRequest req = (HttpWebRequest)WebRequest.Create(formUrl);
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
                req.ContentType = "application/x-www-form-urlencoded";
                req.Method = "POST";
                byte[] bytes = Encoding.ASCII.GetBytes(formParams);
                req.ContentLength = bytes.Length;
                using (Stream os = req.GetRequestStream())
                {
                    os.Write(bytes, 0, bytes.Length);
                }
                HttpWebResponse resp = req.GetResponse() as HttpWebResponse;

                var elapsedMs = watch.ElapsedMilliseconds;
                watch.Stop();
                var isInvalidAccess = resp.StatusCode == HttpStatusCode.Unauthorized;
                Console.WriteLine("Login to something succeed in {0} Milliseconds", elapsedMs);
                cookieHeader = resp.Headers["Set-cookie"];
                result[0] = 1;
                result[1] = (int)elapsedMs;

            }
            catch (Exception e)
            {
                //Any exception will return false.
                Console.WriteLine(e.Message);
                result[0] = 0;
                result[1] = 0;
            }

            return result;
        }
EilonA
  • 361
  • 5
  • 17
  • Maybe there is like a User Settings page which returns `Unauthorized` or `Forbidden` when you are not correctly logged in? If so, you could just log in and then try to access that page. – Freggar May 16 '18 at 08:16
  • And how do I access the page and see the content? It seem like I can't see any content with currect and false credentials – EilonA May 16 '18 at 08:37
  • Whops I got your question wrong. Maybe https://stackoverflow.com/questions/3273205/read-text-from-response helps? – Freggar May 16 '18 at 08:45
  • After a successful LogIn, you should be redirected to the landing page. The StatusCode should be 302, not 200. You, usually, get a 200 because the LogIn page is presented again, as you had requested it for the first time. The 200 StatusCode is related to the request of the LogIn page. Plus, you have `ServicePointManager.SecurityProtocol` set but no server validation callback. In an Https connection, the connection should be closed (the server certificate is not validated). Then, there's the Cookies collection method (...). – Jimi May 16 '18 at 09:26

0 Answers0