I have been trying to write a program using HttpClient 3.0 to log in
to an ASP.NET site with fairly standard ASP.NET smart navigation based
security. A valid username and password are available, and things work
fine with a browser.
Examining the sequence of calls through a web debugging proxy to a
browser, the action flow is (slightly modified to protect client site
and user privacy, ignoring those to fetch images and scripts):
GET to InfoPage, where the information wanted is presented
  - redirect 302 to Login.aspx
  - Browser sniffer sees ASP.NET_SessionId cookie
  - Browser sniffer also sees /.ASPXAUTH cookie
GET to Login.aspx with ReturnURL set to the Info page
  - Browser sniffer sees ASP.NET_SessionId cookie on Request
  - Browser sniffer also sees /.ASPXAUTH cookie on Request
  - generates correct authentication
  - no cookies seen on response
GET to all kinds of places for small details
Returns control to Browser, displaying the Login Form, status 200
  - Information entered
POST to LoginPage
  - Browser sniffer sees ASP.NET_SessionId cookie on request
  - Browser sniffer also sees /.ASPXAUTH cookie on request
  - generates correct authentication
  - redirect 302 to Login.aspx
  - Browser sniffer sees ASP.NET_SessionId cookie on request
  - Browser sniffer also sees /.ASPXAUTH cookie on request with new value
GET to Info page
  - Browser sniffer sees ASP.NET_SessionId cookie on request
  - Browser sniffer also sees /.ASPXAUTH cookie on request with new value
Info page is displayed
Sequence of calls can also be displayed as:
GET  /ExMod/ExModInfo.aspx?searchstring=3396081
GET  /Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081
GET  /script/Public.js
GET  /script/Form.js
GET  /script/Navigation.js
GET  /style/PublicNav.css
GET  /style/style.css
GET  /style/ms.css
GET  /images/Logo.gif
GET  /images/Button_Arrow.gif
GET  /images/loginbutton.gif
GET  /images/BottomLeft.gif
GET  /Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081
GET  /script/Public.js
GET  /script/Form.js
GET  /script/Navigation.js
GET  /style/style.css
GET  /style/ms.css
GET  /style/PublicNav.css
GET  /images/Logo.gif
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /BlankPage.aspx
GET  /images/BottomLeft.gif
GET  /images/Button_Arrow.gif
GET  /images/loginbutton.gif
GET  /getseal?host_name=xxx from Verisign
GET  /getseal VeriSignCACenter
GET  /dot_clear.gif
GET  /utility/keepalive.aspx?version=2.1.61025.2
POST /Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081
GET  /ExMod/ExModInfo.aspx?searchstring=3396081
GET  /images/spacer.gif
GET  /images/ltgraypixel.gif
GET  /utility/keepalive.aspx?version=2.1.61025.2
So I tried to replicate the functionality via HttpClient. Code is as
below, again with organization, username and password modified for privacy:
import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.auth.*;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.*;
import org.apache.commons.httpclient.params.*;
import java.util.ArrayList;
import java.util.List;

/**
 * A simple example that uses HttpClient to perform required Form Authentication
 * and then get info from page. Can be run standalone without parameters.
 */
public class ConnectViaHttps {
    static final String hostURI = "anonymous.org";
    static final int LOGON_PORT = 443;
    static final String hostAdd = "anonymous.org";

    public ConnectViaHttps() {
        super();
    }

    public static void main(String[] args) throws Exception {
        int status;
        String userName = new String("secretname");
        String userPassword = new String("secretpassword");
        String LOGON_SITE =
            "https://anonymous.org/Login.aspx?ReturnURL=ExMod/ExModInfo.aspx?searchstring=3396081";
        String INFO_SITE =
            "https://anonymous.org/ExMod/ExModInfo.aspx?searchstring=3396081";
        System.getProperties().put("java.protocol.handler.pkgs",
            "com.sun.net.ssl.internal.www.protocol");
        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

        // settings for logging information
        System.setProperty("org.apache.commons.logging.Log",
            "org.apache.commons.logging.impl.SimpleLog");
        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
        // this is instruction to log full wire (header and content)
        //System.setProperty(
        //    "org.apache.commons.logging.simplelog.log.httpclient.wire",
        //    "debug");
        // this is instruction to log wire headers
        System.setProperty(
            "org.apache.commons.logging.simplelog.log.httpclient.wire.header",
            "debug");
        // to log context
        System.setProperty(
            "org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
            "debug");

        HttpClient client = new HttpClient();
        // This is to make HttpClient pick the Digest authentication for asp.net
        List authPrefs = new ArrayList(3);
        authPrefs.add(AuthPolicy.DIGEST);
        authPrefs.add(AuthPolicy.BASIC);
        authPrefs.add(AuthPolicy.NTLM);
        client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs);
        //client.getParams().setParameter("http.socket.timeout", new Integer(10000));
        client.getParams().setParameter("http.protocol.content-charset", "UTF-8");
        client.getParams().setParameter("http.protocol.single-cookie-header", true);
        // very weird but site accepts this but not MSIE
        client.getParams().setParameter("http.useragent",
            "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)");
        // do not set preemptive, this forces Basic authentication which is not what we want
        //client.getParams().setAuthenticationPreemptive(true);
        client.getParams().setBooleanParameter(
            HttpClientParams.REJECT_RELATIVE_REDIRECT, false);
        client.getParams().setBooleanParameter(
            HttpClientParams.ALLOW_CIRCULAR_REDIRECTS, true);
        client.getHostConfiguration().getParams().setParameter("http.protocol.version",
            HttpVersion.HTTP_1_1);
        client.getHostConfiguration().setHost(hostURI, 443, "https");

        // ******************** initial get for info page
        System.out.println("\n" + "About to make call for getMethodInfoPage connection attempt");
        GetMethod getMethodInfoPage = new GetMethod(INFO_SITE);
        getMethodInfoPage.addRequestHeader("Accept", "image/gif, image/x-xbitmap, "
            + "image/jpeg, image/pjpeg, application/x-shockwave-flash, "
            + "application/vnd.ms-excel, application/vnd.ms-powerpoint, "
            + "application/msword, */*");
        getMethodInfoPage.addRequestHeader("Accept-Encoding", "gzip, deflate");
        getMethodInfoPage.addRequestHeader("Accept-Language", "en-us");
        status = client.executeMethod(getMethodInfoPage);
        // print the status and response
        System.out.println("\n" + "Reply from initial get to info page");
        System.out.println("getMethodInfoPage" + status + " with status text "
            + getMethodInfoPage.getStatusText());

        // ******************** now preparing to do POST
        NameValuePair[] logindata = {
            new NameValuePair("_EVENTTARGET", ""),
            new NameValuePair("_EVENTARGUMENT", ""),
            new NameValuePair("ea", ""),
            new NameValuePair("p", "oi"),
            new NameValuePair("ctl00$ContentPlaceHolder1$txtUserName", userName),
            new NameValuePair("ctl00$ContentPlaceHolder1$txtPassWord", userPassword),
            new NameValuePair("ctl00$ContentPlaceHolder1$cmd.x", "22"),
            new NameValuePair("ctl00$ContentPlaceHolder1$cmd.y", "12"),
            new NameValuePair("Referer", "BlankPage.aspx"),
            new NameValuePair("action", "submit"),
        };
        System.out.println("\n" + "postMethodLoginPage will post to " + LOGON_SITE);
        PostMethod postMethodLoginPage = new PostMethod(LOGON_SITE);
        postMethodLoginPage.setRequestBody(logindata);
        postMethodLoginPage.setDoAuthentication(true);
        postMethodLoginPage.addRequestHeader("Connection", "Keep-Alive");
        postMethodLoginPage.addRequestHeader("Accept", "image/gif, image/x-xbitmap, "
            + "image/jpeg, image/pjpeg, application/x-shockwave-flash, "
            + "application/vnd.ms-excel, application/vnd.ms-powerpoint, "
            + "application/msword, */*");
        postMethodLoginPage.addRequestHeader("Accept-Encoding", "gzip, deflate");
        postMethodLoginPage.addRequestHeader("Accept-Language", "en-us");
        postMethodLoginPage.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
        status = client.executeMethod(postMethodLoginPage);
        // print the status and response.. this time we expect 302
        System.out.println("\n" + "Reply from post to login page");
        System.out.println("\n" + "postMethodLoginPage status " + status
            + " with status text " + postMethodLoginPage.getStatusText());
        AuthState howNow = postMethodLoginPage.getHostAuthState();
        System.out.println("\n" + "postMethodLoginPage AuthState " + howNow.toString());
        System.out.println("\n" + "Show cookies from postMethodLoginPage connection attempt");

        // ***************************************
        // Get cookies stored in the HttpState
        Cookie[] gcookies = client.getState().getCookies();
        for (int i = 0; i < gcookies.length; i++) {
            System.out.println("\nCookieName=" + gcookies[i].getName());
            System.out.println("Value=" + gcookies[i].getValue().toString());
            System.out.println("Domain=" + gcookies[i].getDomain());
            System.out.println("Is expired: " + gcookies[i].isExpired());
            System.out.println("Is secure: " + gcookies[i].getSecure());
            System.out.println("Is Domain attribute specified: "
                + gcookies[i].isDomainAttributeSpecified());
            String gcookieComment = gcookies[i].getComment();
            if (gcookieComment != null) {
                System.out.println("Cookie comment: " + gcookieComment);
            }
        }

        // ******************** Now hoping to be able to get the information
        System.out.println("\n" + "postMethodInfoPage will post to " + INFO_SITE);
        GetMethod regetMethodInfoPage = new GetMethod(INFO_SITE);
        regetMethodInfoPage.addRequestHeader("Connection", "Keep-Alive");
        regetMethodInfoPage.addRequestHeader("Accept", "image/gif, image/x-xbitmap, "
            + "image/jpeg, image/pjpeg, application/x-shockwave-flash, "
            + "application/vnd.ms-excel, application/vnd.ms-powerpoint, "
            + "application/msword, */*");
        regetMethodInfoPage.addRequestHeader("Accept-Encoding", "gzip, deflate");
        regetMethodInfoPage.addRequestHeader("Accept-Language", "en-us");
        regetMethodInfoPage.setRequestHeader("Referer", LOGON_SITE);
        status = client.executeMethod(regetMethodInfoPage);
        System.out.println("\n" + "regetMethodInfoPage status " + status
            + " with status text " + regetMethodInfoPage.getStatusText());
        // release connection resources used by the method
        regetMethodInfoPage.releaseConnection();
        System.out.println("\n" + "Finished the conversation");
    }
}
===============================================================
The Wirelog output from running this is as follows:
2007/03/13 11:28:42:710 EDT [DEBUG] HttpClient - Java version: 1.5.0_09
2007/03/13 11:28:42:710 EDT [DEBUG] HttpClient - Java vendor: Sun
Microsystems Inc.
2007/03/13 11:28:42:710 EDT [DEBUG] HttpClient - Java class path:
C:\Documents and Settings\jude\workspace\ANON
screenscrape\bin;C:\Documents and
Settings\jude\.m2\repository\junit\junit\3.8.2\junit-3.8.2.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-httpclient\commons-httpclient\3.0\commons-httpclient-3.0.jar;C:\Documents
and
Settings\jude\.m2\repository\xmlbeans\xbean\2.2.0\xbean-2.2.0.jar;C:\Documents
and
Settings\jude\.m2\repository\xstream\xstream\1.2\xstream-1.2.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-io\commons-io\1.2\commons-io-1.2.jar;C:\Documents
and
Settings\jude\.m2\repository\jexcelapi\jxl\2.4.2\jxl-2.4.2.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-configuration\commons-configuration\20070103\commons-configuration-20070103.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-fileupload\commons-fileupload\1.1.1\commons-fileupload-1.1.1.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-codec\commons-codec\1.3\commons-codec-1.3.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-jxpath\commons-jxpath\1.2\commons-jxpath-1.2.jar;C:\Documents
and
Settings\jude\.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar;C:\Documents
and
Settings\jude\.m2\repository\xerces\xercesImpl\2.6.2\xercesImpl-2.6.2.jar;C:\Documents
and
Settings\jude\.m2\repository\xerces\xmlParserAPIs\2.6.2\xmlParserAPIs-2.6.2.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-lang\commons-lang\2.2\commons-lang-2.2.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar;C:\Documents
and
Settings\jude\.m2\repository\commons-logging\commons-logging-api\1.0.4\commons-logging-api-1.0.4.jar;C:\Documents
and
Settings\jude\.m2\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar;C:\Documents
and Settings\jude\.m2\repository\log4j\log4j\1.2.12\log4j-1.2.12.jar
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - Operating system name:
Windows XP
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - Operating system
architecture: x86
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - Operating system
version: 5.1
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - SUN 1.5: SUN (DSA
key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX
CertPathBuilder; LDAP, Collection CertStores)
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - SunRsaSign 1.5: Sun RSA
signature provider
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - SunJSSE 1.5: Sun JSSE
provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - SunJCE 1.5: SunJCE
Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2,
PBE, Diffie-Hellman, HMAC)
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - SunJGSS 1.0: Sun
(Kerberos v5)
2007/03/13 11:28:42:725 EDT [DEBUG] HttpClient - SunSASL 1.5: Sun SASL
provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL,
PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Jakarta Commons-HttpClient/3.0
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.connection-manager.class = class
org.apache.commons.httpclient.SimpleHttpConnectionManager
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = rfc2109
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.element-charset = US-ASCII
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = ISO-8859-1
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.method.retry-handler =
[EMAIL PROTECTED]
2007/03/13 11:28:42:725 EDT [DEBUG] DefaultHttpParams - Set parameter
http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE,
dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy
HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE
dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy
HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z,
EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy
HH:mm:ss z]
2007/03/13 11:28:42:741 EDT [DEBUG] DefaultHttpParams - Set parameter
http.auth.scheme-priority = [Digest, Basic, NTLM]
2007/03/13 11:28:42:741 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.content-charset = UTF-8
2007/03/13 11:28:42:741 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.single-cookie-header = true
2007/03/13 11:28:42:741 EDT [DEBUG] DefaultHttpParams - Set parameter
http.useragent = Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
2007/03/13 11:28:42:741 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.reject-relative-redirect = false
2007/03/13 11:28:42:741 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.allow-circular-redirects = true
2007/03/13 11:28:42:741 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.version = HTTP/1.1
About to make call for getMethodInfoPage connection attempt
2007/03/13 11:28:42:788 EDT [DEBUG] HttpConnection - Open connection to
anonymous.org:443
2007/03/13 11:28:47:366 EDT [DEBUG] header - >> "GET
/ExMod/ExModInfo.aspx?searchstring=3396081 HTTP/1.1[\r][\n]"
2007/03/13 11:28:47:366 EDT [DEBUG] HttpMethodBase - Adding Host request
header
2007/03/13 11:28:47:382 EDT [DEBUG] header - >> "Accept: image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*[\r][\n]"
2007/03/13 11:28:47:382 EDT [DEBUG] header - >> "Accept-Encoding: gzip,
deflate[\r][\n]"
2007/03/13 11:28:47:382 EDT [DEBUG] header - >> "Accept-Language:
en-us[\r][\n]"
2007/03/13 11:28:47:382 EDT [DEBUG] header - >> "User-Agent: Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 4.0)[\r][\n]"
2007/03/13 11:28:47:382 EDT [DEBUG] header - >> "Host:
anonymous.org[\r][\n]"
2007/03/13 11:28:47:382 EDT [DEBUG] header - >> "[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "HTTP/1.1 302 Found[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "Connection: close[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "Date: Tue, 13 Mar 2007
15:34:11 GMT[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "Server:
Microsoft-IIS/6.0[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "X-Powered-By:
ASP.NET[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "X-AspNet-Version:
2.0.50727[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "Location:
/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "Cache-Control:
private[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "Content-Type:
text/html; charset=utf-8[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] header - << "Content-Length:
214[\r][\n]"
2007/03/13 11:28:47:679 EDT [DEBUG] HttpMethodDirector - Redirect required
2007/03/13 11:28:47:679 EDT [DEBUG] HttpMethodDirector - Redirect
requested to location
'/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081'
2007/03/13 11:28:47:679 EDT [DEBUG] HttpMethodDirector - Redirect URI is
not absolute - parsing as relative
2007/03/13 11:28:47:679 EDT [DEBUG] HttpMethodDirector - Redirecting
from 'https://anonymous.org:443/ExMod/ExModInfo.aspx' to
'https://anonymous.org:443/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081
2007/03/13 11:28:47:679 EDT [DEBUG] HttpMethodDirector - Execute
redirect 1 of 100
2007/03/13 11:28:47:679 EDT [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
2007/03/13 11:28:47:679 EDT [DEBUG] HttpConnection - Connection is
locked. Call to releaseConnection() ignored.
2007/03/13 11:28:47:679 EDT [DEBUG] HttpConnection - Open connection to
anonymous.org:443
2007/03/13 11:28:47:757 EDT [DEBUG] header - >> "GET
/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081
HTTP/1.1[\r][\n]"
2007/03/13 11:28:47:757 EDT [DEBUG] HttpMethodBase - Adding Host request
header
2007/03/13 11:28:47:757 EDT [DEBUG] header - >> "Accept: image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*[\r][\n]"
2007/03/13 11:28:47:757 EDT [DEBUG] header - >> "Accept-Encoding: gzip,
deflate[\r][\n]"
2007/03/13 11:28:47:757 EDT [DEBUG] header - >> "Accept-Language:
en-us[\r][\n]"
2007/03/13 11:28:47:772 EDT [DEBUG] header - >> "User-Agent: Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 4.0)[\r][\n]"
2007/03/13 11:28:47:772 EDT [DEBUG] header - >> "Host:
anonymous.org[\r][\n]"
2007/03/13 11:28:47:772 EDT [DEBUG] header - >> "[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Connection: close[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Date: Tue, 13 Mar 2007
15:34:11 GMT[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Server:
Microsoft-IIS/6.0[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "X-Powered-By:
ASP.NET[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "X-AspNet-Version:
2.0.50727[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Set-Cookie:
ASP.NET_SessionId=qcxhg455i5iswf55z42xri45; path=/; HttpOnly[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Cache-Control:
no-cache[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Expires: -1[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Content-Type:
text/html; charset=utf-8[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Content-Length:
39011[\r][\n]"
2007/03/13 11:28:48:382 EDT [DEBUG] CookieSpec - Unrecognized cookie
attribute: name=HttpOnly, value=null
Reply from initial get to info page
getMethodInfoPage200 with status text OK
postMethodLoginPage will post to
https://anonymous.org/Login.aspx?ReturnURL=ExMod/ExModInfo.aspx?searchstring=3396081
2007/03/13 11:28:48:382 EDT [DEBUG] HttpMethodBase - Cookie accepted:
"$Version=0; ASP.NET_SessionId=qcxhg455i5iswf55z42xri45; $Path=/"
2007/03/13 11:28:48:382 EDT [DEBUG] DefaultHttpParams - Set parameter
http.protocol.cookie-policy = compatibility
2007/03/13 11:28:48:538 EDT [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
2007/03/13 11:28:48:538 EDT [DEBUG] HttpConnection - Releasing
connection back to connection manager.
2007/03/13 11:28:48:538 EDT [DEBUG] HttpConnection - Open connection to
anonymous.org:443
2007/03/13 11:28:48:616 EDT [DEBUG] header - >> "POST
/Login.aspx?ReturnURL=ExMod/ExModInfo.aspx?searchstring=3396081
HTTP/1.1[\r][\n]"
2007/03/13 11:28:48:616 EDT [DEBUG] HttpMethodBase - Adding Host request
header
2007/03/13 11:28:48:616 EDT [DEBUG] HttpMethodBase - Default charset
used: UTF-8
2007/03/13 11:28:48:616 EDT [DEBUG] HttpMethodBase - Default charset
used: UTF-8
2007/03/13 11:28:48:616 EDT [DEBUG] header - >> "Connection:
Keep-Alive[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Accept: image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Accept-Encoding: gzip,
deflate[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Accept-Language:
en-us[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "User-Agent: Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 4.0)[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Host:
anonymous.org[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Cookie:
ASP.NET_SessionId=qcxhg455i5iswf55z42xri45[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Content-Length:
255[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Content-Type:
application/x-www-form-urlencoded[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "[\r][\n]"
2007/03/13 11:28:48:710 EDT [DEBUG] EntityEnclosingMethod - Request body
sent
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Connection: close[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Date: Tue, 13 Mar 2007
15:34:12 GMT[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Server:
Microsoft-IIS/6.0[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "X-Powered-By:
ASP.NET[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "X-AspNet-Version:
2.0.50727[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Cache-Control:
no-cache[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Expires: -1[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Content-Type:
text/html; charset=utf-8[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "Content-Length:
35907[\r][\n]"
Reply from post to login page
postMethodLoginPage status 200 with status text OK
postMethodLoginPage AuthState Auth state: auth requested [false]; auth
attempted [false] preemptive [false]
Show cookies from postMethodLoginPage connection attempt
CookieName=ASP.NET_SessionId
Value=qcxhg455i5iswf55z42xri45
Domain=anonymous.org
Is expired: false
Is secure: false
Is Domain attribute specified: false
postMethodInfoPage will post to
https://anonymous.org/ExMod/ExModInfo.aspx?searchstring=3396081
2007/03/13 11:28:49:194 EDT [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
2007/03/13 11:28:49:194 EDT [DEBUG] HttpConnection - Releasing
connection back to connection manager.
2007/03/13 11:28:49:194 EDT [DEBUG] HttpConnection - Open connection to
anonymous.org:443
2007/03/13 11:28:49:272 EDT [DEBUG] header - >> "GET
/ExMod/ExModInfo.aspx?searchstring=3396081 HTTP/1.1[\r][\n]"
2007/03/13 11:28:49:272 EDT [DEBUG] HttpMethodBase - Adding Host request
header
2007/03/13 11:28:49:272 EDT [DEBUG] header - >> "Connection:
Keep-Alive[\r][\n]"
2007/03/13 11:28:49:272 EDT [DEBUG] header - >> "Accept: image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*[\r][\n]"
2007/03/13 11:28:49:272 EDT [DEBUG] header - >> "Accept-Encoding: gzip,
deflate[\r][\n]"
2007/03/13 11:28:49:288 EDT [DEBUG] header - >> "Accept-Language:
en-us[\r][\n]"
2007/03/13 11:28:49:288 EDT [DEBUG] header - >> "Referer:
https://anonymous.org/Login.aspx?ReturnURL=ExMod/ExModInfo.aspx?searchstring=3396081[\r][\n]"
2007/03/13 11:28:49:288 EDT [DEBUG] header - >> "User-Agent: Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 4.0)[\r][\n]"
2007/03/13 11:28:49:288 EDT [DEBUG] header - >> "Host:
anonymous.org[\r][\n]"
2007/03/13 11:28:49:288 EDT [DEBUG] header - >> "Cookie: $Version=0;
ASP.NET_SessionId=qcxhg455i5iswf55z42xri45; $Path=/[\r][\n]"
2007/03/13 11:28:49:288 EDT [DEBUG] header - >> "[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "HTTP/1.1 302 Found[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Connection: close[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Date: Tue, 13 Mar 2007
15:34:12 GMT[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Server:
Microsoft-IIS/6.0[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "X-Powered-By:
ASP.NET[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "X-AspNet-Version:
2.0.50727[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Location:
/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Cache-Control:
private[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Content-Type:
text/html; charset=utf-8[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Content-Length:
214[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] HttpMethodDirector - Redirect required
2007/03/13 11:28:49:460 EDT [DEBUG] HttpMethodDirector - Redirect
requested to location
'/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081'
2007/03/13 11:28:49:460 EDT [DEBUG] HttpMethodDirector - Redirect URI is
not absolute - parsing as relative
2007/03/13 11:28:49:460 EDT [DEBUG] HttpMethodDirector - Redirecting
from 'https://anonymous.org:443/ExMod/ExModInfo.aspx' to
'https://anonymous.org:443/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081
2007/03/13 11:28:49:460 EDT [DEBUG] HttpMethodDirector - Execute
redirect 1 of 100
2007/03/13 11:28:49:460 EDT [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
2007/03/13 11:28:49:460 EDT [DEBUG] HttpConnection - Connection is
locked. Call to releaseConnection() ignored.
2007/03/13 11:28:49:460 EDT [DEBUG] HttpConnection - Open connection to
anonymous.org:443
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "GET
/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx%3fsearchstring%3d3396081&searchstring=3396081
HTTP/1.1[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] HttpMethodBase - Adding Host request
header
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "Connection:
Keep-Alive[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "Accept: image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "Accept-Encoding: gzip,
deflate[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "Accept-Language:
en-us[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "Referer:
https://anonymous.org/Login.aspx?ReturnURL=ExMod/ExModInfo.aspx?searchstring=3396081[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "User-Agent: Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 4.0)[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "Host:
anonymous.org[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "Cookie: $Version=0;
ASP.NET_SessionId=qcxhg455i5iswf55z42xri45; $Path=/[\r][\n]"
2007/03/13 11:28:49:538 EDT [DEBUG] header - >> "[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Connection: close[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Date: Tue, 13 Mar 2007
15:34:13 GMT[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Server:
Microsoft-IIS/6.0[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "X-Powered-By:
ASP.NET[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "X-AspNet-Version:
2.0.50727[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Cache-Control:
no-cache[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Pragma: no-cache[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Expires: -1[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Content-Type:
text/html; charset=utf-8[\r][\n]"
2007/03/13 11:28:49:913 EDT [DEBUG] header - << "Content-Length:
35935[\r][\n]"
regetMethodInfoPage status 200 with status text OK
2007/03/13 11:28:50:085 EDT [DEBUG] HttpMethodBase - Should close
connection in response to directive: close
2007/03/13 11:28:50:085 EDT [DEBUG] HttpConnection - Releasing
connection back to connection manager.
Finished the conversation
==========================================
The obvious difference is that after posting to the LoginPage, still get
a 302 response code but only the ASP.NET_SessionId cookie is returned
(and not all the details seem to be found by the various functions for
extracting elements from cookies). The /.ASPXAUTH cookie is not found as
a cookie by the httpclient.
Thus when sending a GET to the InfoPage, asp.net does not perceive the
session as being validated and redirects back to the LoginPage again.
I experimented with all the different settings for CookiePolicy; none
of them seemed to help.
Does anyone know how to:
- Get the /.ASPXAUTH cookie information within httpclient?
- Manage to persuade Asp.Net that the login is persistent even if
  we cannot see the session cookie /.ASPXAUTH?
Also, is there much hope that support in the httpClient 3.1 beta version
for RFC_2965 would resolve the problem of the session cookie Microsoft
sees but the java client does not?
Would appreciate any help or advice please,
Thanks, Jude
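An added example, not part of the original post: a small triage script that reads HttpClient `wire.header` debug output in the format shown above, rejoins e-mail-wrapped header lines, pairs each request with its response, and reports where a forms-authentication cookie was or was not issued. The function names are hypothetical, `.ASPXAUTH` (ASP.NET's default forms-authentication cookie name) and `/Login.aspx` are parameters, and the sample log is constructed by condensing lines from the log in the post.

```python
import re

# Constructed sample, condensed from the wire log in the post (URLs shortened,
# two header lines left wrapped the way the e-mail wrapped them).
SAMPLE_LOG = r'''
2007/03/13 11:28:47:757 EDT [DEBUG] header - >> "GET
/Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx HTTP/1.1[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/03/13 11:28:48:335 EDT [DEBUG] header - << "Set-Cookie:
ASP.NET_SessionId=qcxhg455i5iswf55z42xri45; path=/; HttpOnly[\r][\n]"
postMethodLoginPage will post to the login page
2007/03/13 11:28:48:616 EDT [DEBUG] header - >> "POST /Login.aspx?ReturnURL=ExMod/ExModInfo.aspx HTTP/1.1[\r][\n]"
2007/03/13 11:28:48:632 EDT [DEBUG] header - >> "Cookie: ASP.NET_SessionId=qcxhg455i5iswf55z42xri45[\r][\n]"
2007/03/13 11:28:49:007 EDT [DEBUG] header - << "HTTP/1.1 200 OK[\r][\n]"
2007/03/13 11:28:49:272 EDT [DEBUG] header - >> "GET /ExMod/ExModInfo.aspx?searchstring=3396081 HTTP/1.1[\r][\n]"
2007/03/13 11:28:49:288 EDT [DEBUG] header - >> "Cookie: $Version=0; ASP.NET_SessionId=qcxhg455i5iswf55z42xri45; $Path=/[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "HTTP/1.1 302 Found[\r][\n]"
2007/03/13 11:28:49:460 EDT [DEBUG] header - << "Location: /Login.aspx?ReturnUrl=%2fExMod%2fExModInfo.aspx[\r][\n]"
'''

START_RE = re.compile(r'\[DEBUG\] header - (>>|<<) "')
HEADER_RE = re.compile(r'header - (>>|<<) "(.*)\[\\r\]\[\\n\]"$')
REQ_RE = re.compile(r'^([A-Z]+) (\S+) HTTP/\d\.\d$')
STATUS_RE = re.compile(r'^HTTP/\d\.\d (\d{3})')


def header_lines(log_text):
    """Yield (direction, header_text) per wire header, rejoining wrapped lines."""
    pending = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if pending is not None:
            pending += " " + line          # continuation of a wrapped header
        elif START_RE.search(line):
            pending = line
        else:
            continue                       # program output or other log lines
        if pending.endswith('"'):          # closing quote reached
            m = HEADER_RE.search(pending)
            if m:
                yield m.group(1), m.group(2)
            pending = None


def exchanges(log_text):
    """Group header lines into request/response exchanges."""
    result = []
    for direction, text in header_lines(log_text):
        if direction == ">>":
            m = REQ_RE.match(text)
            if m:
                result.append({"method": m.group(1), "target": m.group(2),
                               "sent": [], "status": None, "set": [],
                               "location": None})
            elif result and text.lower().startswith("cookie:"):
                pairs = text.split(":", 1)[1].split(";")
                names = (p.split("=")[0].strip() for p in pairs)
                # $Version / $Path are RFC 2109 attributes, not cookies
                result[-1]["sent"] += [n for n in names
                                       if n and not n.startswith("$")]
        elif result:
            cur = result[-1]
            m = STATUS_RE.match(text)
            name, _, value = text.partition(":")
            if m:
                cur["status"] = int(m.group(1))
            elif name.lower() == "set-cookie":
                cur["set"].append(value.split("=", 1)[0].strip())
            elif name.lower() == "location":
                cur["location"] = value.strip()
    return result


def diagnose(exchs, auth_cookie=".ASPXAUTH", login_path="/Login.aspx"):
    """Return (auth_cookie_ever_issued, list of findings)."""
    issued, findings = False, []
    for i, ex in enumerate(exchs, 1):
        path = ex["target"].split("?", 1)[0]
        if auth_cookie in ex["set"]:
            issued = True
        if (ex["method"] == "POST" and path.lower() == login_path.lower()
                and ex["status"] == 200 and auth_cookie not in ex["set"]):
            findings.append(f"#{i}: login POST returned 200 without "
                            f"Set-Cookie {auth_cookie} (no ticket issued)")
        loc_path = (ex["location"] or "").split("?", 1)[0]
        if (ex["status"] in (301, 302)
                and loc_path.lower() == login_path.lower()
                and auth_cookie not in ex["sent"]):
            findings.append(f"#{i}: {path} redirected to login; request "
                            f"carried no {auth_cookie}")
    return issued, findings


if __name__ == "__main__":
    issued, findings = diagnose(exchanges(SAMPLE_LOG))
    print("auth cookie issued:", issued)
    for f in findings:
        print(f)
```
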