0

Hello There is a website built with MW 1.18.2, which requires users to log in - without this you cannot access any page in it. I have valid credentials to log in manually from browser, but I need to be able to do the same from my windows forms application (C#): when user clicks on a button I have to show (or navigate to) certain page from the website, and for that I have to login programmatically first. I have found the examples in PHP and JScript but being newbie in that web staff I have no idea how to use them, and I am not sure they can be used on client side.

Any help would be greatly appreciated.

svick
  • 236,525
  • 50
  • 385
  • 514
user2907621
  • 11
  • 1

2 Answers2

1

Website authentication tends to work as follows:

  1. The user submits (via an HTTP POST action) credentials to the server
  2. If the credentials are correct, the server responds with a session token and potentially other cookie tokens. The browser stores these and returns them with every request to the server.

Perhaps the easiest option would be to programattically fill out the form in a WebBrowser control and submit it. The steps required to do that are discussed here. The main steps would be to identify the form elements you want to manipulate (the username and password field), all of which can be done using the various developer tools available in most web browsers.

Another option would be to submit the login details using HttpClient and to then pass the received session and cookie data to the WebBrowser control. Looking at wikipedia, the login field seems to submit via POST:

URL: https://en.wikipedia.org/w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Main+Page
wpName: <username>
wpPassword: <password>
wpRemember: 1|0
wpLoginAttempt: Log in
wpLoginToken: <a token from a hidden form input>
wpForceHttps: 0

I figured that out by using Google Chrome's developer tools (press F12) under the Network tag. If you submit a form you can generally find the POST request (as opposed to most HTTP GET requests) which contains the form information.

The biggest problem you'll have here is probably the hidden token in the form. I'd imagine it's present to stop automated logins from anywhere other than the login form. If mediawiki uses this by default there's no easy way of bypassing it if you don't control the mediawiki installation. At that point, you might as well just use the first method (as you'll have to access the DOM to get the token).

Community
  • 1
  • 1
LeoR
  • 369
  • 1
  • 9
1

Thank you LeoR, it works:

private void buttonLoginAndShowMainPage_Click(object sender, EventArgs e)
    {
        this.webBrowser1.Navigate(mediawikisite);
    }

    private void webBrowser1_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e)
    {
        HtmlDocument doc = this.webBrowser1.Document;

        HtmlElement LoginForm = doc.Forms[0];
        HtmlElement UserName = doc.GetElementById("wpName1");
        HtmlElement Password = doc.GetElementById("wpPassword1");

        UserName.SetAttribute("value", "myuserid");
        Password.SetAttribute("value", "mypassword");

        LoginForm.InvokeMember("submit");
    }
user2907621
  • 11
  • 1