14 replies to this topic

[hers19]

Help me, please

[WingedPanther]

You have to give us some details about your problem.

[hers19]

I want to login to http://bakcell.com/en/login and with the same session to do other operations. I succesfully applied this to other sites. I use HttpWebRequest and Cookie Container. So i can not apply it to http://bakcell.com/en/login. When i try to login the site responses "crf tooken" error.

[WingedPanther]

Again, we need more information. You haven't shown the code that's failing.

[hers19]

that is it:

---------------------------------------
CookieContainer cc = new CookieContainer();
string param = "signin[username]=" + login + "&signin[password]=" + pass + "&signin[_csrf_token]=e23ad9640c73afdf4995c2781e0b699e";
string url="http://bakcell.com/en/login";
ASCIIEncoding encoding = new ASCIIEncoding();

byte[] byteData = System.Text.Encoding.UTF8.GetBytes(param);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "POST";
request.ContentLength = byteData.Length;
request.ContentType = "application/x-www-form-urlencoded";
request.CookieContainer = cc;
Stream s = request.GetRequestStream();
s.Write(byteData, 0, byteData.Length);
s.Close();

HttpWebResponse response = (HttpWebResponse)request.GetResponse();
receiveData = response.GetResponseStream();

[dbug]

You always use the same csrf_token value. I've accessed the web page you use and I've seen that this token changes every time you try to login. You cannot use the same value for all connections. Maybe this token is assigned to your session the first time you access, and is valid until the session expires. You should try to get the current token value before sending the login request.

[hers19]

I have tried to get it with this code:

WebRequest wr = WebRequest.Create("http://bakcell.com/en/login");
WebResponse rs = wr.GetResponse();
Stream s = rs.GetResponseStream();
StreamReader srt = new StreamReader(s);
receiveData = srt.ReadToEnd();
string csrf = receiveData.Substring(receiveData.IndexOf("signin[_csrf_token]"), 32);


But when i request the server occur this error: The remote server returned an error: (401) Unauthorized. i cant understand when i request with webBrowser it responses normally but when i request from my windows application it responses 401 error code

[dbug]

By the way, do you have permission to do an automated login to this site ? does this site belong to you ? this doesn't seem the good way to access resources from a program. Normally there should be another interface (WebServices or something like that) for application access if it's permited...

The 401 answer is right. You are not authenticated, so you are not authorized to access and the server sends the login page after the 401 error. Browsers also receive the same answer.

[Momerath]

They are probably looking at the requester information (what browser, what os) and determining that you are not a known browser type, thus rejecting you. You'll probably have to modify the User-Agent string. You'll need to use the HttpWebRequest (I believe) to change this.

[dbug]

I don't think this is the problem. If I request the login page from Firefox, I also get a 401 error. However, the content of the error page is, in fact, the login form.

[hers19]

no, i dont have permission and it does not belong to me. I think so, for this using WebServices is better way but there is not any public interface for this in the site that is why i try this method.

But why server does not send login page to application and is there any way to request as same as browser?

[hers19]

i have modified the User-Agent string but it doesnt help... i get same result as before