Logging Into A Website Using C# Programmatically
Logging into websites programatically is difficult and tightly coupled with how the site implements its login procedure. The reason your code isn't working is because you aren't dealing with any of this in your requests/responses.
Let's take fif.com for example. When you type in a username and password, the following post request gets sent:
POST https://fif.com/login?task=user.login HTTP/1.1
Host: fif.com
Connection: keep-alive
Content-Length: 114
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: https://fif.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://fif.com/login?return=...==
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Cookie: 34f8f7f621b2b411508c0fd39b2adbb2=gnsbq7hcm3c02aa4sb11h5c87f171mh3; __utma=175527093.69718440.1410315941.1410315941.1410315941.1; __utmb=175527093.12.10.1410315941; __utmc=175527093; __utmz=175527093.1410315941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=175527093.|1=RegisteredUsers=Yes=1
username=...&password=...&return=aHR0cHM6Ly9maWYuY29tLw%3D%3D&9a9bd5b68a7a9e5c3b06ccd9b946ebf9=1
Notice the cookies (especially the first, your session token). Notice the cryptic url-encoded return value being sent. If the server notices these are missing, it won't let you login.
HTTP/1.1 400 Bad Request
Or worse, a 200 response of a login page with an error message buried somewhere inside.
But let's just pretend you were able to collect all of those magic values and pass them in an HttpWebRequest object. The site wouldn't know the difference. And it might respond with something like this.
HTTP/1.1 303 See other
Server: nginx
Date: Wed, 10 Sep 2014 02:29:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://fif.com/
Hope you were expecting that. But if you've made it this far, you can now programatically fire off requests to the server with your now validated session token and get the expected HTML back.
GET https://fif.com/ HTTP/1.1
Host: fif.com
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
Referer: https://fif.com/login?return=aHR0cHM6Ly9maWYuY29tLw==
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Cookie: 34f8f7f621b2b411508c0fd39b2adbb2=gnsbq7hcm3c02aa4sb11h5c87f171mh3; __utma=175527093.69718440.1410315941.1410315941.1410315941.1; __utmb=175527093.12.10.1410315941; __utmc=175527093; __utmz=175527093.1410315941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=175527093.|1=RegisteredUsers=Yes=1
And this is all for fif.com - this juggling of cookies and tokens and redirects will be completely different for another site. In my experience (with that site in particular), you have three options to get through the login wall.
- Write an incredibly complicated and fragile script to dance around the site's procedures
- Manually log into the site with your browser, grab the magic values, and plug them into your request objects or
- Create a script to automate selenium to do this for you.
Selenium can handle all the juggling, and at the end you can pull the cookies out and fire off your requests normally. Here's an example for fif:
//Run selenium
ChromeDriver cd = new ChromeDriver(@"chromedriver_win32");
cd.Url = @"https://fif.com/login";
cd.Navigate();
IWebElement e = cd.FindElementById("username");
e.SendKeys("...");
e = cd.FindElementById("password");
e.SendKeys("...");
e = cd.FindElementByXPath(@"//*[@id=""main""]/div/div/div[2]/table/tbody/tr/td[1]/div/form/fieldset/table/tbody/tr[6]/td/button");
e.Click();
CookieContainer cc = new CookieContainer();
//Get the cookies
foreach(OpenQA.Selenium.Cookie c in cd.Manage().Cookies.AllCookies)
{
string name = c.Name;
string value = c.Value;
cc.Add(new System.Net.Cookie(name,value,c.Path,c.Domain));
}
//Fire off the request
HttpWebRequest hwr = (HttpWebRequest) HttpWebRequest.Create("https://fif.com/components/com_fif/tools/capacity/values/");
hwr.CookieContainer = cc;
hwr.Method = "POST";
hwr.ContentType = "application/x-www-form-urlencoded";
StreamWriter swr = new StreamWriter(hwr.GetRequestStream());
swr.Write("feeds=35");
swr.Close();
WebResponse wr = hwr.GetResponse();
string s = new System.IO.StreamReader(wr.GetResponseStream()).ReadToEnd();
log in to a web page programatically using C#
I guess the website is using Form authentication based on your code and aspx page.
Try add a cookiecontainer
Cookiecontainer cookies = new Cookiecontainer();
//login request to get authentication cookies.
WebRequest request = WebRequest.Create("http://abc/mypage/config/login.aspx");
request.Method = "POST";
request.cookiecontainer = cookies
//your rest of the code
//content request to get what you need
WebRequest request = WebRequest.Create("http://abc/mypage/config/config.aspx");
request.Method = "POST";
request.cookiecontainer = cookies
//same as before
you should get what you need back, if the authentication is through cookies.
C# Login to a website
You can use the PowerShell WebClient and your current session
$webclient = new-object System.Net.WebClient
$credCache = new-object System.Net.CredentialCache
$creds = new-object System.Net.NetworkCredential("username","password")
$credCache.Add("url", "Basic", $creds)
$webclient.Credentials = $credCache
and just call the script inside your C# code.
Another way is by using autoit since it supports:
Manipulate windows and processes
Interact with all standard windows controls
Login on a Website using c# and HTTPrequest
I solved the problem.
Here's the code:
using System.Text;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Forms;
using System.Net;
using System.IO;
using System.Web;
namespace BodytelConnection{
/// <summary>
/// Interaktionslogik für MainWindow.xaml
/// </summary>
public partial class MainWindow : Window
{
public MainWindow()
{
InitializeComponent();
webBrowser1.Navigate("http://www.bodytel.com/");
}
private void textBox_benutzername_TextChanged(object sender, TextChangedEventArgs e)
{
}
private void textBox_passwort_TextChanged(object sender, TextChangedEventArgs e)
{
}
private void loginBtn_Click(object sender, RoutedEventArgs e)
{
string benutzername = textBox_benutzername.ToString();
string passwort = textBox_passwort.ToString();
string cookieHeader;
passwort = changeString(passwort);
benutzername = changeString(benutzername);
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://secure.bodytel.com/de/mybodytel.html");
CookieContainer cookieContainer = new CookieContainer();
request.CookieContainer = cookieContainer;
request.Method = "POST";
string postData = "login=hans-neo@web.de&password=xxxxx&step=login";
byte[] byteArray = Encoding.UTF8.GetBytes(postData);
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = byteArray.Length;
Stream dataStream = request.GetRequestStream();
dataStream.Write(byteArray, 0, byteArray.Length);
dataStream.Close();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
string Text = "";
foreach (Cookie cook in response.Cookies)
{
Text += "COOKIE: " + cook.Name + " = " + cook.Value + "\r\n";
}
request.AllowAutoRedirect = false;
dataStream = response.GetResponseStream();
StreamReader reader = new StreamReader(dataStream);
string responseFromServer = reader.ReadToEnd();
reader.Close();
dataStream.Close();
response.Close();
webBrowser1.Navigate("https://secure.bodytel.com/de/mybodytel.html");
}
private string changeString(string myString)
{
myString = myString.Replace("System.Windows.Controls.TextBox: ", "");
return myString;
}
}
}
Login to the website via C# (login, pass & city cb)
You'll have to do an initial GET first, to get cookies and the csrf token that you need on your first post. The csrf token needs to be parsed out of the first html response so you can supply it together with your username and password.
This is what your mainflow should look like:
var client = new CookieAwareWebClient();
client.BaseAddress = @"https://mystat.itstep.org/en/login";
// do an initial get to have cookies sends to you
// have a server session initiated
// and we need to find the csrf token
var login = client.DownloadString("/");
string csrf;
// parse the file and go looking for the csrf token
ParseLogin(login, out csrf);
var loginData = new NameValueCollection();
loginData.Add("login", "someusername");
loginData.Add("password", "somepassword");
loginData.Add("city_id", "29"); // I picked this value fromn the raw html
loginData.Add("_csrf", csrf);
var loginResult = client.UploadValues("login.php", "POST", loginData);
// get the string from the received bytes
Console.WriteLine(Encoding.UTF8.GetString(loginResult));
// your task is to make sense of this result
Console.WriteLine("Logged in!");
The parsing needs to as complex as you need. I only implemented something that gets you the csrf token. I leave the parsing of the cities (hint: they start with <select and then have <option on each line until you find a </select>) for you to implement as an advance exercise. Don't bother asking me for it.
Here is the csrf parsing logic:
void ParseLogin(string html, out string csrf)
{
csrf = null;
// read each line of the html
using(var sr = new StringReader(html))
{
string line;
while((line = sr.ReadLine()) != null)
{
// parse for csrf by looking for the input tag
if (line.StartsWith(@"<input type=""hidden"" name=""_csrf""") && csrf == null)
{
// string split by space
csrf = line
.Split(' ') // split to array of strings
.Where(s => s.StartsWith("value")) // value="what we need is here">
.Select(s => s.Substring(7,s.Length -9)) // remove value=" and the last ">
.First();
}
}
}
}
If you feel adventurous you can write am html parser, go crazy with string methods, try some regex or use a library
Keep in mind that scraping websites might be against the terms of service of the site. Verify that what you're doing is allowed / doesn't interfere with their operation.
Logging into website via C#
Try this way:
var cookieJar = new CookieContainer();
CookieAwareWebClient client = new CookieAwareWebClient(cookieJar);
// the website sets some cookie that is needed for login, and as well the 'authenticity_token' is always different
string response = client.DownloadString("http://portal.movable.com/signin");
// parse the 'authenticity_token' and cookie is auto handled by the cookieContainer
string token = Regex.Match(response, "authenticity_token.+?value=\"(.+?)\"").Groups[1].Value;
string postData =
string.Format("utf8=%E2%9C%93&authenticity_token={0}&user%5Blogin%5D=USERNAME&user%5Bpassword%5D=PASSWORD&user%5Boffset%5D=5.5&user%5Bremember_me%5D=0&button=", token);
//WebClient.UploadValues is equivalent of Http url-encode type post
client.Method = "POST";
response = client.UploadString("http://portal.movable.com/signin", postData);
//i am getting invalid user/pass, but i am sure it will work fine with normal user/password
}
Extra Class Used :
public class CookieAwareWebClient : WebClient
{
public string Method;
public CookieContainer CookieContainer { get; set; }
public Uri Uri { get; set; }
public CookieAwareWebClient()
: this(new CookieContainer())
{
}
public CookieAwareWebClient(CookieContainer cookies)
{
this.CookieContainer = cookies;
}
protected override WebRequest GetWebRequest(Uri address)
{
WebRequest request = base.GetWebRequest(address);
if (request is HttpWebRequest)
{
(request as HttpWebRequest).CookieContainer = this.CookieContainer;
(request as HttpWebRequest).ServicePoint.Expect100Continue = false;
(request as HttpWebRequest).UserAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0";
(request as HttpWebRequest).Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
(request as HttpWebRequest).Headers.Add(HttpRequestHeader.AcceptLanguage, "en-US,en;q=0.5");
(request as HttpWebRequest).Referer = "http://portal.movable.com/signin";
(request as HttpWebRequest).KeepAlive = true;
(request as HttpWebRequest).AutomaticDecompression = DecompressionMethods.Deflate |
DecompressionMethods.GZip;
if (Method == "POST")
{
(request as HttpWebRequest).ContentType = "application/x-www-form-urlencoded";
}
}
HttpWebRequest httpRequest = (HttpWebRequest)request;
httpRequest.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;
return httpRequest;
}
protected override WebResponse GetWebResponse(WebRequest request)
{
WebResponse response = base.GetWebResponse(request);
String setCookieHeader = response.Headers[HttpResponseHeader.SetCookie];
if (setCookieHeader != null)
{
//do something if needed to parse out the cookie.
try
{
if (setCookieHeader != null)
{
Cookie cookie = new Cookie(); //create cookie
this.CookieContainer.Add(cookie);
}
}
catch (Exception)
{
}
}
return response;
}
}
Response Received
<!DOCTYPE html>
<html>
<head>
<title>MOVband Portal</title>
<link href="/assets/application-f9d3794ad4639d96cd50c115ad241438.css" media="all" rel="stylesheet" type="text/css" />
<!--[if lt IE 9]>
<script src="/assets/modernizr-9b693978fbc3fcd01874b01875a736bf.js" type="text/javascript"></script>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<!--[if IE 7]>
<link href="/assets/ie7-ca67da697ba8da1de77889ceedc4db1a.css" media="all" rel="stylesheet" type="text/css" />
<![endif]-->
<script src="/assets/application-b1fcaae48e75e2455cf45e1d75983267.js" type="text/javascript"></script>
<meta content="authenticity_token" name="csrf-param" />
<meta content="aC33zdBSSAz63dVjOgYXR/L6skV/QxxHe4XqX3UYCek=" name="csrf-token" />
</head>
<body id="login">
<header>
<div class="container">
<a href="http://movable.com">
<img alt="Movablelogo" class="logo" src="/assets/movableLogo-3429bb636ded1af0a80951c7d4386770.png" />
</a> </div>
</header>
<section class="main">
<div class="container">
<div id="loginWindow" class="cf">
<img alt="Movbandlogologin" class="movbandlogo" src="/assets/MOVbandLogologin-3cacbbe2b9bb05b16a3ca521acf81fc6.png" />
<div class="cf">
<div id="welcomeMessage">
<h1>Welcome</h1>
<img alt="Movbanddevice" class="device" src="/assets/MOVbandDevice-acbb62593330775ac09dced40e28e8e2.png" />
<p>
Just got your MOVband? We'll have you moving in no time with our quick product registration and setup.
<a href="/join">Join ></a>
</p>
</div>
<form accept-charset="UTF-8" action="/signin" class="new_user" id="new_user" method="post"><div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="✓" /><input name="authenticity_token" type="hidden" value="aC33zdBSSAz63dVjOgYXR/L6skV/QxxHe4XqX3UYCek=" /></div>
<p class="alert">Invalid email or password.</p>
<h2>login to your account</h2>
<label for="user_login">Login</label>
<input id="user_login" name="user[login]" size="30" type="text" value="USERNAME" />
<label for="user_password">Password</label>
<input id="user_password" name="user[password]" size="30" type="password" />
<input id="user_offset" name="user[offset]" type="hidden" value="5.5" />
<label for="user_remember_me">
<input name="user[remember_me]" type="hidden" value="0" /><input id="user_remember_me" name="user[remember_me]" type="checkbox" value="1" />
Remember me on this computer.
</label>
<button class="login" name="button" type="submit">Login</button>
<a href="/users/password/new" class="forgotPassword">Forgot password?</a>
</form> </div>
</div>
</div>
</section>
<footer>
<div class="container">
<div class="social_icons">
<a href="https://www.facebook.com/getMOVband" class="fb_link" target="_blank"></a>
<a href="https://twitter.com/getmovband" class="tw_link" target="_blank"></a>
<a href="http://www.youtube.com/getmovband" class="yt_link" target="_blank"></a>
<a href="http://www.linkedin.com/company/2355960" class="li_link" target="_blank"></a>
</div>
</div>
</footer>
</body>
</html>
Log in to website with c# desktop app
I'm sorry if I wasted anyone's time looking into this.
After wondering why there was no error, when thinking about the above comment question, I realized that this line.
string htmlSource = client.DownloadString(client.BaseAddress);
was getting the source from the initial login page, not the page I wanted source from after logging in.
When I enter the correct landing url I get the results I expected.
string htmlSource = client.DownloadString(@"https://my.freecycle.org/page/i/need");
Related Topics
Deserializing Json Data to C# Using Json.Net
If Async-Await Doesn't Create Any Additional Threads, Then How Does It Make Applications Responsive
How to Increase the Max Upload File Size in Asp.Net
Difference Between Shadowing and Overriding in C#
Show/Hide the Console Window of a C# Console Application
How to Add a New Row to Datagridview Programmatically
How to Handle Accessviolationexception
A Generic Error Occurred in Gdi+, Jpeg Image to Memorystream
How to Specify a Custom Location to "Search For Views" in ASP.NET MVC
What's the Main Difference Between Int.Parse() and Convert.Toint32
Redirecttoaction With Parameter
How to Check For Internet Connectivity Using .Net
How to Get the Connection String from a Database
What Is the Purpose of the "Prefer 32-Bit" Setting in Visual Studio and How Does It Actually Work