Getting webbrowser cookies to log in [duplicate]

Question

I am creating an windows forms app, where I have a webbrowser control.

After user logs in with the webbrowser, I want to log in also with same account with Microsoft.Http.HttpClient or HttpWebRequest or similar, it should be similar to cURL from PHP.

Problem is that the webpage allows only single sign on per account and if I sign with HttpClient, it will kick the webbrowser out.

What I want to know, if it is possible to hijack webbrowser session or get the cookies and use it in my HttpClient or similar api.

I can use webbrowser.Cookie to get some data, but how to push it to HttpClient?

Is that kind of thing even possible, that I can just take the cookies and use the same session? If so, how?

Answer 1

Got help from here:

Is it possible to transfer authentication from Webbrowser to WebRequest

Alkampfer posted solution. This is exactly what I needed and it worked.

This solution also takes Http only cookies.

You can call the GetUriCookieContainer method that returns you a CookieContainer that can be used for subsequent call with WebRequest object.

[DllImport("wininet.dll", SetLastError = true)]
    public static extern bool InternetGetCookieEx(
        string url, 
        string cookieName, 
        StringBuilder cookieData, 
        ref int size,
        Int32  dwFlags,
        IntPtr  lpReserved);

    private const Int32 InternetCookieHttponly = 0x2000;

/// <summary>
/// Gets the URI cookie container.
/// </summary>
/// <param name="uri">The URI.</param>
/// <returns></returns>
public static CookieContainer GetUriCookieContainer(Uri uri)
{
    CookieContainer cookies = null;
    // Determine the size of the cookie
    int datasize = 8192 * 16;
    StringBuilder cookieData = new StringBuilder(datasize);
    if (!InternetGetCookieEx(uri.ToString(), null, cookieData, ref datasize, InternetCookieHttponly, IntPtr.Zero))
    {
        if (datasize < 0)
            return null;
        // Allocate stringbuilder large enough to hold the cookie
        cookieData = new StringBuilder(datasize);
        if (!InternetGetCookieEx(
            uri.ToString(),
            null, cookieData, 
            ref datasize, 
            InternetCookieHttponly, 
            IntPtr.Zero))
            return null;
    }
    if (cookieData.Length > 0)
    {
        cookies = new CookieContainer();
        cookies.SetCookies(uri, cookieData.ToString().Replace(';', ','));
    }
    return cookies;
}

Answer 2

You can, but it's a bit tricky. Use the InternetSetCookie call together with a CookieContainer from HttpWebRequest.

Here's the method: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385107(v=vs.85).aspx

and here's an example on how to set it: http://social.msdn.microsoft.com/Forums/en-SG/csharpgeneral/thread/76a38eee-3ef6-4993-a54d-3fecc4eb6cff

Answer 3

I think you might be stretching the technologies a little bit too far. The webbrowser control in windows forms are usually designed to give you basic html rendering from local files or internet, but it shouldn't be used to replace a full-fledge web browser.

If you want to authenticate against a SSO provider, then you have to use the right libraries, in this case from Windows Identitity Foundation, with Microsoft.IdentityModel you will get claims authentication mechanisms to handle the claims from your SSO provider. Cookies cannot be shared across applications, in fact some new web technologies are designed just to avoid that, so in my opinion try to use WIF instead of a webbrowser control.

Hope it helps,