[Help] "Enabling" cookies in a webrequest

[SLashmolder]

I am trying to wright a class that will get the cookie for a windows live/passport.net account by supplying the email and password. This will be used for httpwebrequests on various sites that use windows live accounts. When trying to send an httpwebrequest to the main login page, or any login page for live you are greeted with this message:

Cookies must be allowed
Your browser is currently set to block cookies. Your browser must allow cookies before you can use Windows Live ID.

So I looked into enabling cookies.

According to msdn:

For security reasons, cookies are disabled by default. If you want to use cookies, use the CookieContainer property to enable cookies.

So I attempted to enabled cookies on my webrequest using this code:

Code:

public static string GetHttpSource(string url)
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.CookieContainer = new CookieContainer();
            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
            Stream responseStream = response.GetResponseStream();
            StreamReader reader = new StreamReader(responseStream);
            string str = reader.ReadToEnd();
            reader.Close();
            responseStream.Close();
            response.Close();
            return str;
        }

Even after "enabling" cookies, when I load the page I still get told I need to enable cookies.

This is highly disappointing. I also played around with various setting trying to imitate the exact http headers of firefox 3.5 loading the site I'm still getting the same error. Playing around with credentials also did me no luck.

[HanneSThEGreaT]

Welcome to the Forums!

I believe that you're going about this the wrong way
The best, logical solution would be to detect whether or not cookies are enabled / disabled. Based on that, redirect the users to an appropriate page informing them that they must enable cookies before contiuing.

[SLashmolder]

I think you misunderstood my problem. I want to use a webrequest client from c# to login to windows live. I don't want to write a webpage that requires people to have cookies enabled.

[Arjay]

This is highly disappointing. I also played around with various setting trying to imitate the exact http headers of firefox 3.5 loading the site I'm still getting the same error. Playing around with credentials also did me no luck.

If you were able to do this, wouldn't this be a severe security hole?

[monalin]

I recommend reading this article, maybe it will help you out a little. There shouldn't be anything fancy you need to do to get it to work. Keep in mind that even if you were able to "hack" firefox to work you'd still have IE6, IE7, IE8, Safari, Opera, and many others i'm forgetting to work with it. I recommend just following the directions in the article and you should have no problems setting it up.

http://msdn.microsoft.com/en-us/library/bb676633.aspx

The problem you're having is that you cannot load a cookie from 3rd party site without using a P3P header, and even then its a pain to get IE to comply with the P3P header. Read the article i posted, if you try to do it using the WebRequest class you'll wish that you had just written your own login. In fact you cannot even use the WebRequest to set a cookie for a client, the request must be sent from the client's browser, not the server. If you use WebRequest the server will be the one who gets the cookie, not the client and that is not going to help you in any way.

[SLashmolder]

I recommend reading this article, maybe it will help you out a little. There shouldn't be anything fancy you need to do to get it to work. Keep in mind that even if you were able to "hack" firefox to work you'd still have IE6, IE7, IE8, Safari, Opera, and many others i'm forgetting to work with it. I recommend just following the directions in the article and you should have no problems setting it up.

http://msdn.microsoft.com/en-us/library/bb676633.aspx

The problem you're having is that you cannot load a cookie from 3rd party site without using a P3P header, and even then its a pain to get IE to comply with the P3P header. Read the article i posted, if you try to do it using the WebRequest class you'll wish that you had just written your own login. In fact you cannot even use the WebRequest to set a cookie for a client, the request must be sent from the client's browser, not the server. If you use WebRequest the server will be the one who gets the cookie, not the client and that is not going to help you in any way.

I'm not trying to do a webbased application. This will be an exe file to be ran on windows computers. The application will use webrequests to load information from the user's live account such as their email or xbox.com account. What do you mean by "hack"ing firefox and having issues with other browsers.... I also question the relevance of the mention of a 3rd party cookie.

I think you think that I am trying to run a webbrased program which is not the case, this will be an executable file ran on the client's computer.

If you were able to do this, wouldn't this be a severe security hole?

How in the world is loading a webpage, and having the webpage not tell you cookies need to be enabled a security hole? The server lets you do it with every webbrowser out there, why doesn't it work with a webrequest is my question.

[monalin]

Forgive me for assuming you meant a Windows Application when you're talking about cookies, webrequests, firefox, and loading the live.com site to emulate their http headers. Now that we're on the same page, you should know that you're still going about it the wrong way. You do not want to use cookies for authentication of a windows application, nor do you need to use a WebRequest to authenticate a user.

Download their Windows Live ID SDK and then follow this tutorial on how to set it up.

Secondly, you can disregard my comments about hacking FireFox and 3rd party cookies because you're not going to be using cookies or a browser. I missunderstood your situation and thought you were using a website I apologize.

How in the world is loading a webpage, and having the webpage not tell you cookies need to be enabled a security hole? The server lets you do it with every webbrowser out there, why doesn't it work with a webrequest is my question.

I'm pretty sure he misunderstood your question too and perhaps thought you were using a website.

[SLashmolder]

I am not trying to authenticate a user. As said this program should be able to do stuff such as load mail.live.com and get the user's email for them. I don't think the SDK lets one do things such as that. I think I solved my own problem though.

[dglienna]

If you discovered your own solution, please post it for others to see.
If you want LIVE, you need the LIVE SDK, or else you'll be doing ten times the work, IF you can get it working.

[SLashmolder]

My solution was just to play around more with httpwebrequest's options. I'm not exactly sure what I did but now it doesn't get the no cookies page. I'm having a new issue now. I get

Your session has timed out.

To secure personal information, your Windows Live ID session has expired. To verify your identity, please enter your password.

My idea was to change the expiring time for all the cookies from xbox.com (the site I'm working on now) and for some reason it just won't not expire. I can get the cookie seconds before I go to the page but it won't load. The page in question is: https://live.xbox.com/en-US/Flows/Ed...nstrument.aspx

Most any of the billing type pages have the cookie expire when they are loaded.

As for the windows live sdk. The problem is that I can't use it to do what I want my program to do, such as get a person's xbox live account's gamerscore and gamertag. From what I can tell you can't use the live sdk to connect to xbox.com at all which is why using the login is necessary.

[monalin]

My solution was just to play around more with HttpWebRequest's options. I'm not exactly sure what I did but now it doesn't get the no cookies page. I'm having a new issue now.

This is because you're trying to hack the live.com site and authenticate a user through your own program. Any site with decent security would have the measures in place to prevent this from happening.

If you want LIVE, you need the LIVE SDK, or else you'll be doing ten times the work, IF you can get it working.

dglienna is right, good luck trying to accomplish this task. I've been developing web applications for a few years now, I know how it all works and I know what you can and cannot do. I'm not saying what you're trying to do is impossible, because it can most likely be done. However, these errors you're getting now are just the tip of the iceburg. Everytime you fix one you'll get something else blocking you.