dcsimg
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 11 of 11

Thread: [Help] "Enabling" cookies in a webrequest

  1. #1
    Join Date
    Aug 2009
    Posts
    7

    [Help] "Enabling" cookies in a webrequest

    I am trying to wright a class that will get the cookie for a windows live/passport.net account by supplying the email and password. This will be used for httpwebrequests on various sites that use windows live accounts. When trying to send an httpwebrequest to the main login page, or any login page for live you are greeted with this message:
    Cookies must be allowed
    Your browser is currently set to block cookies. Your browser must allow cookies before you can use Windows Live ID.
    So I looked into enabling cookies.

    According to msdn:
    For security reasons, cookies are disabled by default. If you want to use cookies, use the CookieContainer property to enable cookies.
    So I attempted to enabled cookies on my webrequest using this code:
    Code:
    public static string GetHttpSource(string url)
            {
                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
                request.CookieContainer = new CookieContainer();
                HttpWebResponse response = (HttpWebResponse)request.GetResponse();
                Stream responseStream = response.GetResponseStream();
                StreamReader reader = new StreamReader(responseStream);
                string str = reader.ReadToEnd();
                reader.Close();
                responseStream.Close();
                response.Close();
                return str;
            }
    Even after "enabling" cookies, when I load the page I still get told I need to enable cookies.

    This is highly disappointing. I also played around with various setting trying to imitate the exact http headers of firefox 3.5 loading the site I'm still getting the same error. Playing around with credentials also did me no luck.

  2. #2
    Join Date
    Jul 2001
    Location
    Sunny South Africa
    Posts
    11,267

    Re: [Help] "Enabling" cookies in a webrequest

    Welcome to the Forums!

    I believe that you're going about this the wrong way
    The best, logical solution would be to detect whether or not cookies are enabled / disabled. Based on that, redirect the users to an appropriate page informing them that they must enable cookies before contiuing.
    [SIGPIC][/SIGPIC]
    All my Articles
    Hannes

  3. #3
    Join Date
    Aug 2009
    Posts
    7

    Re: [Help] "Enabling" cookies in a webrequest

    I think you misunderstood my problem. I want to use a webrequest client from c# to login to windows live. I don't want to write a webpage that requires people to have cookies enabled.

  4. #4
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,146

    Re: [Help] "Enabling" cookies in a webrequest

    Quote Originally Posted by SLashmolder View Post
    This is highly disappointing. I also played around with various setting trying to imitate the exact http headers of firefox 3.5 loading the site I'm still getting the same error. Playing around with credentials also did me no luck.
    If you were able to do this, wouldn't this be a severe security hole?

  5. #5
    Join Date
    Jul 2006
    Posts
    297

    Re: [Help] "Enabling" cookies in a webrequest

    I recommend reading this article, maybe it will help you out a little. There shouldn't be anything fancy you need to do to get it to work. Keep in mind that even if you were able to "hack" firefox to work you'd still have IE6, IE7, IE8, Safari, Opera, and many others i'm forgetting to work with it. I recommend just following the directions in the article and you should have no problems setting it up.

    http://msdn.microsoft.com/en-us/library/bb676633.aspx

    The problem you're having is that you cannot load a cookie from 3rd party site without using a P3P header, and even then its a pain to get IE to comply with the P3P header. Read the article i posted, if you try to do it using the WebRequest class you'll wish that you had just written your own login. In fact you cannot even use the WebRequest to set a cookie for a client, the request must be sent from the client's browser, not the server. If you use WebRequest the server will be the one who gets the cookie, not the client and that is not going to help you in any way.
    Last edited by monalin; August 7th, 2009 at 02:59 PM. Reason: added more information

  6. #6
    Join Date
    Aug 2009
    Posts
    7

    Re: [Help] "Enabling" cookies in a webrequest

    Quote Originally Posted by monalin View Post
    I recommend reading this article, maybe it will help you out a little. There shouldn't be anything fancy you need to do to get it to work. Keep in mind that even if you were able to "hack" firefox to work you'd still have IE6, IE7, IE8, Safari, Opera, and many others i'm forgetting to work with it. I recommend just following the directions in the article and you should have no problems setting it up.

    http://msdn.microsoft.com/en-us/library/bb676633.aspx

    The problem you're having is that you cannot load a cookie from 3rd party site without using a P3P header, and even then its a pain to get IE to comply with the P3P header. Read the article i posted, if you try to do it using the WebRequest class you'll wish that you had just written your own login. In fact you cannot even use the WebRequest to set a cookie for a client, the request must be sent from the client's browser, not the server. If you use WebRequest the server will be the one who gets the cookie, not the client and that is not going to help you in any way.
    I'm not trying to do a webbased application. This will be an exe file to be ran on windows computers. The application will use webrequests to load information from the user's live account such as their email or xbox.com account. What do you mean by "hack"ing firefox and having issues with other browsers.... I also question the relevance of the mention of a 3rd party cookie.

    I think you think that I am trying to run a webbrased program which is not the case, this will be an executable file ran on the client's computer.

    Quote Originally Posted by Arjay View Post
    If you were able to do this, wouldn't this be a severe security hole?
    How in the world is loading a webpage, and having the webpage not tell you cookies need to be enabled a security hole? The server lets you do it with every webbrowser out there, why doesn't it work with a webrequest is my question.

  7. #7
    Join Date
    Jul 2006
    Posts
    297

    Re: [Help] "Enabling" cookies in a webrequest

    Forgive me for assuming you meant a Windows Application when you're talking about cookies, webrequests, firefox, and loading the live.com site to emulate their http headers. Now that we're on the same page, you should know that you're still going about it the wrong way. You do not want to use cookies for authentication of a windows application, nor do you need to use a WebRequest to authenticate a user.

    Download their Windows Live ID SDK and then follow this tutorial on how to set it up.

    Secondly, you can disregard my comments about hacking FireFox and 3rd party cookies because you're not going to be using cookies or a browser. I missunderstood your situation and thought you were using a website I apologize.

    Quote Originally Posted by SLashmolder View Post
    How in the world is loading a webpage, and having the webpage not tell you cookies need to be enabled a security hole? The server lets you do it with every webbrowser out there, why doesn't it work with a webrequest is my question.
    I'm pretty sure he misunderstood your question too and perhaps thought you were using a website.
    Last edited by monalin; August 7th, 2009 at 04:19 PM.

  8. #8
    Join Date
    Aug 2009
    Posts
    7

    Re: [Help] "Enabling" cookies in a webrequest

    I am not trying to authenticate a user. As said this program should be able to do stuff such as load mail.live.com and get the user's email for them. I don't think the SDK lets one do things such as that. I think I solved my own problem though.

  9. #9
    Join Date
    Jan 2006
    Location
    Fox Lake, IL
    Posts
    15,007

    Re: [Help] "Enabling" cookies in a webrequest

    If you discovered your own solution, please post it for others to see.
    If you want LIVE, you need the LIVE SDK, or else you'll be doing ten times the work, IF you can get it working.
    David

    CodeGuru Article: Bound Controls are Evil-VB6
    2013 Samples: MS CODE Samples

    CodeGuru Reviewer
    2006 Dell CSP
    2006, 2007 & 2008 MVP Visual Basic
    If your question has been answered satisfactorily, and it has been helpful, then, please, Rate this Post!

  10. #10
    Join Date
    Aug 2009
    Posts
    7

    Re: [Help] "Enabling" cookies in a webrequest

    My solution was just to play around more with httpwebrequest's options. I'm not exactly sure what I did but now it doesn't get the no cookies page. I'm having a new issue now. I get
    Your session has timed out.

    To secure personal information, your Windows Live ID session has expired. To verify your identity, please enter your password.
    My idea was to change the expiring time for all the cookies from xbox.com (the site I'm working on now) and for some reason it just won't not expire. I can get the cookie seconds before I go to the page but it won't load. The page in question is: https://live.xbox.com/en-US/Flows/Ed...nstrument.aspx

    Most any of the billing type pages have the cookie expire when they are loaded.

    As for the windows live sdk. The problem is that I can't use it to do what I want my program to do, such as get a person's xbox live account's gamerscore and gamertag. From what I can tell you can't use the live sdk to connect to xbox.com at all which is why using the login is necessary.

  11. #11
    Join Date
    Jul 2006
    Posts
    297

    Re: [Help] "Enabling" cookies in a webrequest

    Quote Originally Posted by SLashmolder View Post
    My solution was just to play around more with HttpWebRequest's options. I'm not exactly sure what I did but now it doesn't get the no cookies page. I'm having a new issue now.
    This is because you're trying to hack the live.com site and authenticate a user through your own program. Any site with decent security would have the measures in place to prevent this from happening.

    If you want LIVE, you need the LIVE SDK, or else you'll be doing ten times the work, IF you can get it working.
    dglienna is right, good luck trying to accomplish this task. I've been developing web applications for a few years now, I know how it all works and I know what you can and cannot do. I'm not saying what you're trying to do is impossible, because it can most likely be done. However, these errors you're getting now are just the tip of the iceburg. Everytime you fix one you'll get something else blocking you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width




On-Demand Webinars (sponsored)