Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get auth token using post request

Tags:

c#

security

oauth

token

jwt

I am trying to get request auth token by making a post web request to a url. The api expects username/password as credentials in the form-data payload.

When I click the sign-in option on the browser, the network logs show a GET request with HTML as response, followed by a POST request which returns form-data with username/password and request token in payload.

Network log from browser..

Trying to mock the flow using webrequest, I am doing a simple post request, as the following:

public string HttpPost(string url, string post, string refer = "")
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            // request.CookieContainer = cJar;
            request.UserAgent = UserAgent;
            request.KeepAlive = false;
            request.Method = "POST";
            request.Referer = refer;

            byte[] postBytes = Encoding.ASCII.GetBytes(post);
            request.ContentType = "application/x-www-form-urlencoded";
            request.ContentLength = postBytes.Length;

            Stream requestStream = request.GetRequestStream();
            requestStream.Write(postBytes, 0, postBytes.Length);
            requestStream.Close();

            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
            StreamReader sr = new StreamReader(response.GetResponseStream());

            return sr.ReadToEnd();
        }

However, this request only returns the text/HTML markup of the page as the first part of the request of the browser does. How do I get it to run the subsequent POST to fetch the token from the endpoint?

EDIT 1:

Here is the first GET Request:

enter image description here

like image 838
faizanjehangir Avatar asked May 08 '26 07:05

faizanjehangir

1 Answers

The token is a CSRF token, what you need to do is find the login form in the html response that you've received with your initial get request, and also to ensure you are storing the cookies set in this response.

You will then need to search within the html response for the hidden input parameter named 'token' next to the username and pw input fields and use the value of that element to compose your post request.

Doing this programmatically is possible with some regex or the htmlagilitypack to extract that token

like image 183
Aydin Avatar answered May 10 '26 22:05

Aydin
Sign in to Comment

Related questions

How do I fix SCS0018?
List of a model posting back incorrectly ASP.NET MVC
Streaming through Excel data with Open XML SDK
Wpf PasswordBox must show characters when I click CheckBox

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!