Programs | When you write an Internet application, you often need to handle the user login. Generally speaking, we use programs to simulate the process by which users fill out user names, passwords, and submissions on a Web page. When a user enters a user name, password, and submission on a Web page, it actually triggers a POST request that contains the user name, password, and so on. So, as long as we encapsulate the relevant information in a program into a POST request and send it to the Web Server, we can basically log in. In MFC, for example, the following code simulates a logon process:
This method is very effective for ASP pages, but for asp.net pages, sometimes it doesn't work.
To find out how the asp.net page differs from the ASP page in processing the login, we need to use the sniffer tool to track the communication between the Web server and the browser. After tracking, the ASP.net page still uses post requests to send relevant information to the server after the user submits the login information. The difference is that the processing of user names, passwords and other information than a __viewstate. If you add a __viewstate to the Strformdata in the code above, you can successfully simulate the entire login process. The next question is, how do we get this __viewstate?
We know that the ASP.net page has a ViewState property that asp.net use to hold the page's state information so that the page's status can be restored when the page submission fails. It is defined by a hidden field in the page, and if you view source from a browser, you can see that it is a line of code like the following
Its value is exactly what we need, and we can solve the problem by simply parsing the __viewstate value from the login page.
Take a closer look, the value of the ViewState is encoded, regardless of it, directly out of the page, and login information together to form a POST request, sent to the server, the result? Failed The L. Comparing the results of sniffer with the value of viewstate in the page, we will find that there is a slight difference between them. Originally, the ViewState value in the page source code is BASE64 encoded, and when it is sent to the Web server, in order to ensure the correct transmission, the browser will convert it to URL encoding, when the Web server received ViewState, Of course, it will be decoded from URL encoding to BASE64 encoding and then to asp.net processing. It seems that we need to viewstate the value of the URL in the same way, so that we can successfully simulate the entire login process J.
Reference
1. The howto:simulate a Form POST request Using WinInet, a KB article in Microsoft, describes the implementation of the simulated POST requests.
2. Getting Started with ASP. NET maintaining the viewstate,viewstate.
3. Viewstate:all your wanted to Know, in-depth discussion on ViewState.
4. ViewState Parser, would like to see the decoding of the ViewState is what it looks like? Try this parser.
5. Blog Hall in the relevant discussion, this is my solution to this problem in the process, blog Hall to write a blog.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
