Sample forms authentication test in C# (纯c# 代码 forms authentication)
This sample test does the following:
1. Sends a request to a page that requires forms authentication. This results in a 302 redirect to the login page.
2. Sends a request to the login page.
3. Parses the response from step 2 and builds the entity body, containing the username and password, for the POST request to the login page in the next step.
4. Does a POST to the login page. If successful, this should return a 302 with Set-Cookie and Location headers.
5. Sends a request to the location pointed to in the last response (this is the original page requested in step 1) with the request cookie returned in step 4. Expects a 200.
using System;
using System.IO;
using System.Net;
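namespace FormsAuthTest
{
    /// <summary>
    /// Console test that walks an ASP.NET forms-authentication login by hand:
    /// request a protected page, follow the 302 to the login page, scrape the
    /// hidden fields and control names out of the login form, POST the
    /// credentials, then replay the returned Set-Cookie value against the
    /// page the server redirects back to.
    /// </summary>
    class Program
    {
        // Origin of the site under test. Plain HTTP is used because the target is
        // loopback; the login POST carries the password in its body, so a test
        // against any non-local host should use an https:// root instead.
        private const String SiteRoot = "http://localhost";

        /// <summary>
        /// Runs the five-step forms-authentication round trip and writes each
        /// step's outcome to the console. Stops at the first unexpected status
        /// instead of continuing with headers or markup that are not there.
        /// </summary>
        /// <param name="args">Unused.</param>
        /// <exception cref="InvalidOperationException">
        /// The login page markup is not in the expected shape, or a redirect
        /// points outside <c>SiteRoot</c>.
        /// </exception>
        static void Main(string[] args)
        {
            System.Diagnostics.ConsoleTraceListener trace =
                new System.Diagnostics.ConsoleTraceListener();
            Uri siteRootUri = new Uri(SiteRoot);
            String originalUri = SiteRoot + "/default.aspx";
            HttpWebRequest request = null;
            String locationHeader = null;

            //
            // Request page protected by forms authentication.
            // This request will get a 302 to login page
            //
            trace.Write("Requesting : " + originalUri);
            request = (HttpWebRequest)WebRequest.Create(originalUri);
            request.AllowAutoRedirect = false;
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                if (!HasExpectedStatus(trace, response, HttpStatusCode.Found, "Found"))
                {
                    return;
                }

                //
                // Get the url of login page from location header
                //
                locationHeader = response.GetResponseHeader("Location");
            }
            trace.WriteLine("Location header is " + locationHeader);
            trace.WriteLine("");

            //
            // Request login page
            //
            // The credentials are later POSTed to this URL, so it must resolve
            // to the site under test and not to wherever the header points.
            Uri loginPageUri = ResolveOnSite(siteRootUri, locationHeader);
            Console.WriteLine("Requesting " + loginPageUri.AbsoluteUri);
            String loginResponse = null;
            request = (HttpWebRequest)WebRequest.Create(loginPageUri);
            request.AllowAutoRedirect = false;
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                if (!HasExpectedStatus(trace, response, HttpStatusCode.OK, "OK"))
                {
                    return;
                }
                trace.WriteLine("Parsing login page to create post message");
                trace.WriteLine("");
                using (StreamReader sr = new StreamReader(response.GetResponseStream()))
                {
                    loginResponse = sr.ReadToEnd();
                }
            }

            //
            // Scrape the form. The fields are read in document order with a
            // moving cursor: __VIEWSTATE, the first two inputs after it
            // (user name and password controls), the submit button, and
            // finally __EVENTVALIDATION.
            //
            int cursor = 0;
            String eventTargetVar = "__EVENTTARGET=";
            String eventTargetValue = "";
            String eventArgumentVar = "__EVENTARGUMENT=";
            String eventArgumentValue = "";
            String viewStateVar = "__VIEWSTATE=";
            String viewStateValue = Uri.EscapeDataString(
                ReadField(loginResponse, ref cursor,
                    "name=\"__VIEWSTATE\" id=\"__VIEWSTATE\" value=\"", "\" />"));

            //
            // Look for logon control id
            // Use any valid username and password
            //
            // These are throwaway test-account values; they are escaped like
            // every other field so a value containing '&', '=' or '+' cannot
            // change the shape of the form body.
            String userNameVar = Uri.EscapeDataString(
                ReadField(loginResponse, ref cursor, "input name=\"", "\"")) + "=";
            String userNameValue = Uri.EscapeDataString("Alice");
            String passwordVar = Uri.EscapeDataString(
                ReadField(loginResponse, ref cursor, "input name=\"", "\"")) + "=";
            String passwordValue = Uri.EscapeDataString("alice123");
            String loginButtonVar = Uri.EscapeDataString(
                ReadField(loginResponse, ref cursor, "type=\"submit\" name=\"", "\"")) + "=";
            // Already form-encoded ("+" stands for the space in "Log In").
            String loginButtonValue = "Log+In";
            String eventValidationVar = "__EVENTVALIDATION=";
            String eventValidationValue = Uri.EscapeDataString(
                ReadField(loginResponse, ref cursor,
                    "name=\"__EVENTVALIDATION\" id=\"__EVENTVALIDATION\" value=\"", "\" />"));

            String postString = eventTargetVar + eventTargetValue;
            postString += "&" + eventArgumentVar + eventArgumentValue;
            postString += "&" + viewStateVar + viewStateValue;
            postString += "&" + userNameVar + userNameValue;
            postString += "&" + passwordVar + passwordValue;
            postString += "&" + loginButtonVar + loginButtonValue;
            postString += "&" + eventValidationVar + eventValidationValue;

            //
            // Do a POST to login.aspx now
            // This should result in 302 with Set-Cookie header
            //
            Console.WriteLine("POST request to " + loginPageUri.AbsoluteUri);
            request = (HttpWebRequest)WebRequest.Create(loginPageUri);
            request.AllowAutoRedirect = false;
            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
            // Every component of postString is percent-encoded, so ASCII is lossless.
            byte[] requestData = System.Text.Encoding.ASCII.GetBytes(postString);
            request.ContentLength = requestData.Length;
            using (Stream requestStream = request.GetRequestStream())
            {
                requestStream.Write(requestData, 0, requestData.Length);
            }

            String cookie = null;
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                if (!HasExpectedStatus(trace, response, HttpStatusCode.Found, "Found"))
                {
                    return;
                }
                locationHeader = response.GetResponseHeader("Location");
                cookie = response.GetResponseHeader("Set-Cookie");
            }
            trace.WriteLine("Location header is " + locationHeader);
            // This prints the authentication ticket itself. That is the point of
            // the sample on a developer machine; keep it out of shared build logs.
            trace.WriteLine("Set-Cookie header is " + cookie);
            trace.WriteLine("");
            if (String.IsNullOrEmpty(cookie))
            {
                trace.Fail("Login response did not carry a Set-Cookie header");
                return;
            }

            //
            // Send request to originalUri with the cookie
            // We should be able to see originalUri contents
            //
            // The cookie is attached to a URL taken from a response header, so
            // the target is pinned to the site under test before it is sent.
            // NOTE(review): the raw Set-Cookie value (attributes such as path
            // included) is replayed as the Cookie header, as in the original
            // sample; a CookieContainer shared by the requests would send only
            // the name=value pairs.
            Uri returnUri = ResolveOnSite(siteRootUri, locationHeader);
            trace.WriteLine("Requesting " + returnUri.AbsoluteUri + " with cookie");
            request = (HttpWebRequest)WebRequest.Create(returnUri);
            request.AllowAutoRedirect = false;
            request.Headers.Add(HttpRequestHeader.Cookie, cookie);
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                if (!HasExpectedStatus(trace, response, HttpStatusCode.OK, "OK"))
                {
                    return;
                }
                trace.WriteLine("");
                trace.WriteLine("Contents of " + originalUri);
                trace.WriteLine("");
                using (StreamReader sr = new StreamReader(response.GetResponseStream()))
                {
                    trace.WriteLine(sr.ReadToEnd());
                }
            }
        }

        /// <summary>
        /// Reports whether <paramref name="response"/> has the expected status,
        /// writing the same trace lines the test prints for a match or a failure.
        /// </summary>
        /// <param name="trace">Listener that receives the result.</param>
        /// <param name="response">Response to inspect.</param>
        /// <param name="expected">Status code the step requires.</param>
        /// <param name="expectedName">Name of that status as shown in the failure text.</param>
        /// <returns><c>true</c> when the status matches.</returns>
        private static bool HasExpectedStatus(
            System.Diagnostics.TraceListener trace,
            HttpWebResponse response,
            HttpStatusCode expected,
            String expectedName)
        {
            if (response.StatusCode == expected)
            {
                trace.Write("Response: " + (int)expected + " ");
                trace.WriteLine(response.StatusCode);
                return true;
            }

            trace.Fail("Response status is " + response.StatusCode + ". Expected was " + expectedName);
            return false;
        }

        /// <summary>
        /// Resolves a Location header value (relative or absolute) against the
        /// site root and rejects any result that leaves that scheme, host and port.
        /// </summary>
        /// <param name="siteRoot">Root of the site under test.</param>
        /// <param name="location">Value of the Location response header.</param>
        /// <returns>The absolute URI to request next.</returns>
        /// <exception cref="InvalidOperationException">
        /// The header is empty or resolves outside <paramref name="siteRoot"/>.
        /// </exception>
        private static Uri ResolveOnSite(Uri siteRoot, String location)
        {
            if (String.IsNullOrEmpty(location))
            {
                throw new InvalidOperationException("Response did not carry a Location header");
            }

            Uri target = new Uri(siteRoot, location);
            if (!siteRoot.IsBaseOf(target))
            {
                throw new InvalidOperationException(
                    "Redirect target " + target.AbsoluteUri + " is outside " + siteRoot.AbsoluteUri);
            }
            return target;
        }

        /// <summary>
        /// Returns the text between the next occurrence of <paramref name="marker"/>
        /// at or after <paramref name="cursor"/> and the following
        /// <paramref name="terminator"/>, and moves the cursor to that terminator.
        /// </summary>
        /// <param name="html">Login page markup.</param>
        /// <param name="cursor">Search position; advanced past the value read.</param>
        /// <param name="marker">Literal text that immediately precedes the value.</param>
        /// <param name="terminator">Literal text that immediately follows the value.</param>
        /// <returns>The raw, unescaped attribute value.</returns>
        /// <exception cref="InvalidOperationException">
        /// The marker or terminator is missing, i.e. the page is not the expected form.
        /// </exception>
        private static String ReadField(String html, ref int cursor, String marker, String terminator)
        {
            int markerAt = html.IndexOf(marker, cursor, StringComparison.Ordinal);
            if (markerAt < 0)
            {
                throw new InvalidOperationException("Login page is missing expected markup: " + marker);
            }

            int valueStart = markerAt + marker.Length;
            int valueEnd = html.IndexOf(terminator, valueStart, StringComparison.Ordinal);
            if (valueEnd < 0)
            {
                throw new InvalidOperationException("Login page has an unterminated value after: " + marker);
            }

            cursor = valueEnd;
            return html.Substring(valueStart, valueEnd - valueStart);
        }
    }
}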
The above sample requests .aspx content. You can remove the precondition from the FormsAuthentication module on your server and use the same code to request non-.aspx content as well.
Kanwal
http://blogs.iis.net/ksingla/archive/2006/08/24/sample-forms-authentication-test-in-c.aspx