Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP curl - posting asp.net viewstate value

Tags:

authentication

php

curl

asp.net

viewstate

I have the following code to login into an external site application (asp.net app) from a local site login form (written in php):

<?php
$curl_connection = curl_init('www.external.com/login.aspx');

curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT,
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

// Post data array
$post_data['LoginControl$UserName'] = 'ExampleUName';
$post_data['LoginControl$Password'] = 'ExamplePWord';

// Add form fields into an array to get ready to post
foreach ($post_data as $key => $value) 
  {
$post_items[] = $key . '=' . $value;
  }
$post_string = implode ('&', $post_items);

// Tell cURL which string to post
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);

// Execute and post
$result = curl_exec($curl_connection);
?>

I get directed to the login form of the external site instead of being directed to the application logged in. I think the problem is that I need to pass the viewstate values through, but i'm not sure how to go about doing that?

I don't have control over the external application. But we want users to be able to login to the application through our website, to maintain branding etc.

I've posted a couple of other threads recently about the use of php cURL, but I'm at the stage now where I think the viewstate is the problem ...

Thanks, Mark.

like image 347
Mark Jones Avatar asked Jul 16 '10 09:07

Mark Jones

People also ask

What is VIEWSTATE in ASP NET?

To overcome this, ViewState technique has introduced. Note: To use the ViewState property, the ASP.NET Web page must have a form element that has the attribute runat="server". View State uses HiddenField to store page information or control value in key-value format and value stored in base64-encoded strings encrypted format.

Can I send an array of curlfiles to a REST API?

If you need to send an array of files using CURL (typical case: POST variable to a REST API), having an array of CURLFiles in the POSTFIELD won't work. You have to set as many variables in your postfield than there are files to send: //... //...

What is the difference between view state and control state in ASP NET?

View State: Control the attributes just within the same view or page, it is the default state for ASP.NET web application. Control State: Client-side controller, write the logic for holding data for full flow controller of multiple views.

What is the default HTTP version in curl?

Please note that new versions of curl is using http2 as default, so if you are having some strange errors, 0 http status codes, etc, please explicitly specify the http version in your code. HTH, Guenter. fopen($cookie_file,'w') or $this->error('The cookie file could not be opened. Make sure this directory has the correct permissions');

2 Answers

This seems to be a real problem when trying to scrape the asp.net pages.

The pages contain a hidden field named "__VIEWSTATE" which contains a base64 encoded set of va;ues containing some or all of the page state when the page was sent. It usually also contains the SHA1 of the viewstate.

What this means is that your post must contain everything in the _VIEWSTATE or it will fail.

I have been able to post a simple login page that has only 2 fields but not a more complex page in which the author has chosen to put the entire page state in the viewstate.

As yet I have not been able to come up with a solution.

like image 106
Ed Robinson Avatar answered Sep 22 '22 10:09

Ed Robinson

Change:

curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

To:

curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, false);

You also need to set up a cookie file, take a look at CURLOPT_COOKIEFILE

CURLOPT_COOKIEFILE:

The name of the file containing the cookie data. The cookie file can be in Netscape format, or just plain HTTP-style headers dumped into a file.

CURLOPT_COOKIE:

The contents of the "Cookie: " header to be used in the HTTP request. Note that multiple cookies are separated with a semicolon followed by a space (e.g., "fruit=apple; colour=red")

CURLOPT_COOKIEJAR:

he name of a file to save all internal cookies to when the connection closes.

@see http://www.php.net/manual/en/function.curl-setopt.php

curl_setopt($curl_connection, CURLOPT_COOKIEFILE, 'cookiefile.txt'); 
curl_setopt($curl_connection, CURLOPT_COOKIEJAR, 'cookiefile.txt');
like image 22
RobertPitt Avatar answered Sep 19 '22 10:09

RobertPitt
Sign in to Comment

Related questions

Cannot install mcrypt with homebrew and php7.4
Laravel: Cannot declare class App\Models\Customer, because the name is already in use
Setting a custom place holder image in twig/timber theme
Prevent PHP DOMDocument from removing @click attributes
Arithmetic with Arbitrarily Large Integers in PHP
Upload progress using pure PHP/AJAX?
Transactions in wordpress database
php user authentication libraries / frameworks ... what are the options? [closed]
Can't return a result set in the given context
Creating and updating Zend_Search_Lucene indexes
Mysqli Prepared Statement in bindParam() not working
PHP $_POST variables are sometimes empty
Encode HTML entities but ignore HTML tags - in PHP
SPSS and PHP/MySQL Integration
What is the best way to assert redirections in Selenium?
How efficient is PHP's substr?
PHP : apc_store doesn't work as intended
Do you need a good background in OOP before moving to frameworks?
Can I expose MySQL data using PHP and OData?
Run inkscape in PHP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!