.

Saturday, June 14, 2008

Authenticate Users Via POST request

Authenticate Users Via POST request

In this blog post, I will explain how to submit user credentials to another application to authenticate users.

Suppose in your application, you wanted to retrieve data from another application (for instance RSS feeds), this rss feed isn't for public use, and you don't control the login authentication on that application.

Solution
You can submit user credentials from your application to the other application and process the login click event using the HttpWebRequest class. In this way, if the user is authenticated the authentication cookie will be saved in the response header. After this stage, Each time you want to retrieve information for Application B, you could set the authentication cookie already retrieved to the request header so Application B will deal with the request as an authenticated one.

Let's drill down to the code

string loginURL = "http://www.example.com/default.aspx";
// Create a webrequest to the above url
HttpWebRequest webRequest = WebRequest.Create(loginURL) as HttpWebRequest;
// Set the request method to post
webRequest.Method = WebRequestMethods.Http.Post;
webRequest.AllowAutoRedirect = false;
// Set the content type to urlencoded
webRequest.ContentType = "application/x-www-form-urlencoded";
// Set the data which needs to be posted. Note here os_username, os_password is the textbox ID for the //username, password on Application B. login is the ID of the login button control, LogIn is its value.
string postData = "os_username=haissam&os_password=password&login=LogIn";
// Set the content length of the request
webRequest.ContentLength = postData.Length;
// set the webrequest stream to the requestWriter
StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
// Write the data which need to be posted to the streamwriter
requestWriter.Write(postData);
// Close the stream
requestWriter.Close();
// you don't need to get the response only the authentication cookie so directly we close it
webRequest.GetResponse().Close();

No comments:

.