I am wondering if it is possible to send POST data with the default browser of a computer in C#.
Here is the situation. My client would like the ability to have their C# application open their browser and send client information to a webform. This webform would be behind a login screen. The assumption from the application side is that once the client data is sent to the login screen, the login screen would pass that information onto the webform to prepopulate it. This would be done over HTTPS and the client would like this to be done with a POST and not a GET as client information would be sent as plain text.
I have found some wonderful solutions that do POSTS and handle the requests. As an example
http://geekswithblogs.net/rakker/archive/2006/04/21/76044.aspx
So the TL;DR version of this would be
1) Open Browser
2) Open some URL with POST data
Thanks for your help,
Paul
I've handled a similar situation once by generating an HTML page on the fly with a form setup with hidden values for everything. There was a bit of Javascript on the page so that when it loaded, it would submit the form, therefore posting the data as necessary.
I suspect this method would work for you.
Generate a dictionary of fields and values
Generate an HTML page with the Javascript to automatically submit when page is loaded
Write page to a temp location on disk
Launch default browser with that page
Remember though that POST data is sent plaintext as well. POST is generally the way to go for more than a couple fields, as you can fit in more data (2048 byte limit on URLs) and that your user has a friendly URL to see in their browser.
Nothing is sent as plain text when you use SSL, it is encrypted. Unless you set what the default browser is (IE, Firefox, Chrome, etc), then you'll have to figure out what the default browser is and use its API to do this work (if it's possible).
What would probably be must faster and more efficient would be to open the default browser by invoking a URL with Start Process and pass the information on the query string (this is doing a GET instead of a POST, which I know isn't what you're asking for).
The response from the server could be a redirect, and the redirect could send down the filled-out form (storing the values in session or something similar).
That way the complexity is pushed to the website and not the windows application, which should be easier to update if something goes wrong.
HTH
Can you compile your logic in C# and then call it from PowerShell? From PowerShell you can very easily automate Internet Explorer. This is IE only but you might be able to also use WaitnN.
Anything you put at the end of the URL counts as the querystring, which is what GET fills. It is more visible than the POSTed data in the body, but no more secure with regard to a sniffer.
So, in short, no.
Related
I am developing an ASP.NET application. But i would like to hide the URL so user don't know on which page he or she standing. Is their any solution?
Use Server.Transfer . It doesn't change the URL.
Server.Transfer happens without the browser knowing anything, the browser request a page, but the server returns the content of another.
Server.Transfer() should be used when:
we don't need to show the real URL where we redirected the request
in the users Web Browser
we want to transfer current page request to another .aspx page on the
same server
we want to preserve server resources and avoid the unnecessary
roundtrips to the server
we want to preserve Query String and Form Variables (optionally)
There is no solution unless you can force the user to browse only from a restricted environment in which you can control what software is installed or run. Even if you force the user to use a specific browser, they could use a tool like Fiddler to see what URLs they are going to.
When a user has completed a form the user is redirected to the thank you page. The thank you page shall render it's view, but also download a file (pdf / a stream).
I would prefer to do this without using javascript like this
return both a file and a rendered view in an MVC3 Controller action and I would prefer to get the Save As dialog.
Has MVC any conventions that can handle this?
As #BenRobinson pointed out, you can't return two responses from a single request. No, MVC doesn't have any conventions to handle this because it's a fundamental limitation of the platform you're developing on, the Internet, and specifically the TCP/IP and HTTP protocols.
Fundamentally, the web revolves around what's called the request-response cycle. A client (usually a web browser) issues a request to a server, and that server responds with the requested resource. What you're talking about would be akin to request-response-response, which is not possible. The server cannot just up and send a response to a client without first receiving a request.
As a result, your options are:
Use JavaScript to programmatically issue another request, such as by setting location.href as the accepted answer on your linked question suggests.
Provide a link/button/whatever to allow the user to initiate a request for the file manually.
That's it. Either way, you need a new request, either initiated by JavaScript or the end user to get the file.
Did you tried meta refresh Trick.
<META HTTP-EQUIV='REFRESH' CONTENT='5;URL=http://www.example.com/test.txt'>
Remember to set the header Content-Disposition: attachment for the file that you want to download in browser.
I have a program that opens a web browser control and just displays a web page from our server. They can't navigate around or anything.
The users are not allowed to know the credentials required to login, so after some googling on how to log into a server I found this:
http://user_name:password#URL
This is 'hard coded' into the web browsers code. -It works fine.
HOWEVER: Some smart ass managed to grab the credentials by using WireShark which tracks all the packets sent from your machine.
Is there a way I can encrypt this so the users cannot find out?
I've tried other things like using POST but with the way the page was setup, it was proving extremely difficult to get working. -(Its an SSRS Report Manager webpage)
I forgot to include a link to this question: How to encrypt/decrypt the url in C#
^I cannot use this answer as I myself am not allowed to change any of the server setup!
Sorry if this is an awful question, I've tried searching around for the past few days but can't find anything that works.
Perhaps you could work around your issue with a layer of indirection - for example, you could create a simple MVC website that doesn't require any authentication (or indeed, requires some authentication that you fully control) and it is this site that actually makes the request to the SSRS page.
That way you can have full control over how you send authentication, and you need never worry about someone ever getting access to the actual SSRS system. Now if your solution requires the webpage to be interactive then I'm not sure this will work for you, but if it's just a static report, it might be the way to go.
i.e. your flow from the app would be
User logs into your app (or use Windows credentials, etc)
User clicks to request the SSRS page
Your app makes an HTTP request to your MVC application
Your MVC application makes the "real" HTTP request to SSRS (eg via HttpClient, etc) and dumps the result back to the caller (for example,it could write the SSRS response via #HTML.Raw in an MVC View) The credentials for SSRS will therefore never be sent by your app, so you don't need to worry about that problem any more...
Just a thought.
Incidentally, you could take a look here for the various options that SSRS allows for authentication; you may find some method that suits (for e.g Custom authentication) - I know you mentioned you can't change anything on the server so I'm just including it for posterity.
I have an ASP.NET website and a seperate C# application. The application writes data to a file, the website populates the treeview with the data in the file. I populate the treeview in the page Load event.
The website checks if the file has changed. This happens from a code behind file. If the file did change, the website needs to be refreshed. I cannot use Response.Redirect because I get a
Response is not available in this context
I tried System.Web.HttpContext.Current.Response.Redirect, but this gives me a NullReference.
How can I refresh the page from a code behind file, so that it loads the right data in the treeview? Other suggestions that work but use something else than refreshing the page are welcome. Thanks in advance!
Edit: The actual problem is dynamically updating the treeview (new data = updated treeview). I have tried to do something with data from a MySql database but failed. The idea is the same, except the data isn't coming from a file but from a database. I added this because I thought this info might help users understand my problem.
you can't send data to the client from an initiative of the server.
You will have to poll (jQuery/ajax) if new data is available, then refresh from the client side.
this involves basically :
on the server
a web service, webmethod page method, custom handler, etc. that can tell if new data is available
on the client
a timer that query the server if data is refreshed, and, in this case, that refresh the page, or reconstruct the DOM if using some JS templating
[Edit] a bit of background :
Actually, System.Web.HttpContext.Current.Response is null because of the asynchronous model of the Http protocol. The browser emits a request "http://srv/resource", the server intercept it on the port 80 (by default), parse the request, build a response (mostlya bunch of html content) and send the response the browser. Then the connection is closed. This choice allows a great scalability, as it does not requires to keeps thousands of connections alive with nearly no data passing on it.
The impact of this, is that the web server have to knowledge of the client, other than what is send in the request. The server receive text, and send text in return.
Microsoft has created the ASP.Net framework to reproduce the RAD feeling of desktop applications. You think with controls and events, not in producing html flow like ASP or PHP. They succeeded in the sense, that, building web apps are quite similar to desktop development.
The quite is actually what is causing you some confusion. Even if the asp.net framework encapsulate most of the plumbing (viewstate is the key) to simulate this behavior, asp.net will, at least, still be a parser for request text that produces a html text to send to the client, in one shot.
So you have to cheat. You can, as I suggested, automate the browser (using javascript) to wrap this asynchronous work into a "dynamic" application.
You can't successfully use a FileSystemWatcher from within a webpage.
The instance of the page lives just long enough to handle a single request. And after that request has been served, you can't issue a redirect. The browser will not be listening anymore.
You need to do polling from your webpage, using the date you last read that file. If the Last Modified date of that file has changed from what you remember, you will need to refresh your page.
How would I go about doing the following...
I want to build a web service for my application to grab a piece of data from an external website, that requires the user to login. The website has no public API , hence the reason for the scraper.
Is there a library to perform the following functions? or what do I do?
automate fill-in form, auto click
Automate submit button
check which URL the user has landed
on, and redirect user to URL
Grab data from label.
EDIT: what im asking for is there a web service, library etc to make it easier to perform screen scraping/automation functions???
Instead of filling a form and virtually clicking buttons, you should look at the source of the form, and figure out how the data is being submitted. In most cases you can simply send a post request with the log in data. If there is something special besides a simple post request, I use this addon to figure out what requests are being done that you can't see. Using C#, I would use the HttpWebRequest class because it handles cookies for you.
If the website does not ban robots, you can use YQL to simulate everything you need. However, it can be a bit difficult or impossible as you basically have to implement a text-only browser within JS.