Authenticate Users Via POST request

 In this blog post,  I will explain how to submit user credentials to another application to authenticate users.

Suppose in your application, you wanted to retrieve data from another application (for instance RSS feeds), this rss feed isn't for public use, and you don't control the login authentication on that application.

Solution
You can submit user credentials from your application to the other application and process the login click event using the HttpWebRequest class. In this way, if the user is authenticated  the authentication cookie will be saved in the response header. After this stage, Each time you want to retrieve information for Application B, you could set the authentication cookie already retrieved to the request header so Application B will deal with the request as an authenticated one.

Let's drill down to the code

      string loginURL = "http://www.example.com/default.aspx";
            // Create a webrequest to the above url
            HttpWebRequest webRequest = WebRequest.Create(loginURL) as HttpWebRequest;
            // Set the request method to post
            webRequest.Method = WebRequestMethods.Http.Post;
            webRequest.AllowAutoRedirect = false;
            // Set the content type to urlencoded
            webRequest.ContentType = "application/x-www-form-urlencoded";
            // Set the data which needs to be posted. Note here os_username, os_password is the textbox ID for the                      //username, password on Application B. login is the ID of the login button control, LogIn is its value.
            string postData = "os_username=haissam&os_password=password&login=LogIn";
            // Set the content length of the request
            webRequest.ContentLength = postData.Length;
            // set the webrequest stream to the requestWriter
            StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
            // Write the data which need to be posted to the streamwriter
            requestWriter.Write(postData);
            // Close the stream
            requestWriter.Close();
            // you don't need to get the response only the authentication cookie so directly we close it
            webRequest.GetResponse().Close();

Hope this helps,

Published 19 May 2008 09:32 AM by haissam

Comments

# BasharKokash said on 19 May, 2008 04:22 AM

This is great, Thanks

# xxxd said on 14 July, 2008 10:33 PM

this is great, indeed. I have been looking for information regarding authentication of rest service. One question, read a lot about that REST service generally uses noun, instead of verbs, for example, the service call would

be

http://..../products/id=6

instead of http://..../products/getProduct.aspx?id=6

Wonder how this is done? Can it be just simple url rewriting?

Please advise, thanks

This site

Search

Go

This Blog

Syndication

Sponsors

  • MaximumASP