I am working on a console application that needs to log into a website to download a text file - and the login process is giving me some trouble. The login form has 2 textfields (username and password) and also a hidden input field for the form-key. I'm no experienced web developper but I assume that a PHP script generates this key and stores it in my session. If this key is not submitted correctly, the browser will just re-open the login page. I can see this key when I look at the website source code but I don't know how to get this value programatically.
So far I'm doing the following:
Dim cookies As New CookieCollection
Dim cookieRequest As HttpWebRequest = WebRequest.Create("https://www.website.com/customer/account/login/")
cookieRequest.CookieContainer = New CookieContainer()
cookieRequest.CookieContainer.Add(cookies)
Dim cookieResponse As HttpWebResponse = cookieRequest.GetResponse
cookies = cookieResponse.Cookies
Later in my code, I use the obtained cookies to create a CookieAwareWebClient object which would then send the necessary data to the website with a POST request to log in and also download the file I want:
Dim cookieJar As New CookieContainer
cookieJar.Add(cookies)
Dim client As New CookieAwareWebClient(cookieJar)
Dim reqparm As New Specialized.NameValueCollection
reqparm.Add("username", "<my_username>")
reqparm.Add("passwd", "<my_password>")
reqparm.Add("form_key", "??????")
Dim responsebytes = client.UploadValues("https://www.website.com/customer/account/loginPost/", "POST", reqparm)
Dim responsebody = (New Text.UTF8Encoding).GetString(responsebytes)
' validate login if it works...
Dim strDL As String = client.DownloadString("https://www.website.com/downloadFile.php")
So basically my question would be: Is it possible to obtain the form_key value before I post the data with my web-client or is this designed specifically to prevent someone from accessing the website like that?
