0

I am trying to knock up a quick DOS based app in C# to assist me with some tedius tasks I have to perform on websites every so often. One of the pages I need to access requires you to be logged in to view the source. This shouldn't really be a problem, I have a valid username and password. I found this question here:

Login to website, via C#

which tells me how I can send a POST request to a specific URL and retrieve a cookie from the header for future use with any page that requires me to be logged in.

This would work nicely if it wasn't for the fact that the POST form on the login page is a little more complicated than just a "username" and "password" field. Looking at the form it has an "OnSubmit" call to a javascript function, which takes the username and password and encrypts them into some kind of hash (maybe md5 plus a little extra bits and bobs) then saves them in further hidden fields in the login form.

I was thinking it is probably possible to run the javascript function from C# somehow? If I could maybe retrieve the HTML file (with included JS) and then run that JS function from with C# and then retrieve the cookie from the POST request the JS effectively sends. A further complication may lie in the fact that I am not sure if the JS function is stored locally or is linked in via a tag.

Community
  • 1
  • 1
DrLazer
  • 2,805
  • 3
  • 41
  • 52

1 Answers1

3

The site sounds like it's doing something nice, e.g. hashing your password instead of sending it in clear text.

I'd say you have three basic options. You could simply use a WebBrowser control instead of using HttpWebRequest and let the site work the way it's supposed to. Your code can just fill the the form and click the submit button.

You could try to run the javascript in your application, though the tools seem either obsolete or iffy. Search SO for discussions about this in the past, e.g. this one.

If this is really worth it to you, you can duplicate the functionality of the javascript in C#, and do all the work yourself, just populating the final fields before posting. Converting algorithmic procedures like a hash function is probably not very difficult. Most likely it's a standard SHA algorithm which is already part of .NET anyway. You would potentially have problems in the future if things change on the site, of course.

Unless you really need a super-clean solution, I'd just use a WebBrowser control and let the site do its thing.

Community
  • 1
  • 1
Jamie Treworgy
  • 23,934
  • 8
  • 76
  • 119