Logging in to my site opens a new tab? - asp.net

I've been working on my personal website as of late, and even thought it's not a big problem because I'm the only one that sees it, it's annoying nonetheless.
Whenever I go to my login page, it all works fine. If I enter a bad username/password, it will just print a simple text message error(intended). But, if I login correctly, then instead of redirecting to the root of my website as I intend, it will instead create a new tab in firefox and from there it will be in / (which is correct). The problem is why does it create a new tab? I didn't even think forms were capable of such a thing:
My full login page is at http://lastyearswishes.com/login The gist of it is:
<form method="post" target="/login">
Username: <input type="text" name="username" /> <br />
Password: <input type="password" name="password" /> <br />
<input type="submit" name="Submit" />
</form>
And my server side code is also very simple:
if(RouteID=="login"){
if(AuthenticationModule.Login(Form["username"],Form["password"],false)){
//logged in correctly
Response.Redirect("/"); //just go to the root of my site
}else{
Write("You fail at life");
}
}

«target="/login"» means "open in window named «/login»". If it doesn't exist, a new one is opened. I think you meant to use
<form method="post" action="/login">
HTML Form Element

Related

How can I request data with device access code for default gateway router 5268AC?

I would like to write a script that can collect data from the router, in this case 5268AC. So far, I've been able to use response.get() to get information from URLs that do not require device access code to see information. To get information about Wifi, for example, the default SSID, I need to enter the access code located on the router via the browser. I keep getting error 500 when trying request.post(url).
url="http://192.168.1.254/xslt?PAGE=C_2_1"
From inspection, I believe this is the form I'm trying fill. The key value is ADM_PASSWORD.
<h2>Login</h2>
<p>Device access code required. Please enter the device access code, then click Submit.</p>
<form name="pagepost" method="post" action="xslt?PAGE=login_post" id="pagepost">
<input type="hidden" name="NONCE" value="0abc59f54121398" />
<input type="hidden" name="THISPAGE" value="" />
<input type="hidden" name="NEXTPAGE" value="C_2_1" />
<input type="hidden" name="CMSKICK" value="" />
<div>
<div class="form-group">
<label for="ADM_PASSWORD">Access code</label>
<span>
<input type="password" id="ADM_PASSWORD" name="ADM_PASSWORD" size="16" maxlength="16" autofocus="autofocus" required="required" autocomplete="off" />
</span>
</div>
</div>
<p align="right">
<input type="submit" class="button" value="Submit" />
I tried this but got 500 status error.
payload = { 'ADM_PASSWORD':'*access code*' }
response = requests.post(url, headers=headers, data=payload)
Is there a way to be able to collect information via requests instead of using GUI?
First in Chrome/Firefox you can use DevTools (tab: Network) to see what browser sends when you login.
Form has action="xslt?PAGE=login_post" so you should send to
url = "http://192.168.1.254/xslt?PAGE=login_post"
It is relative path - so if you would open page ie. http://http://192.168.1.254/login/ then it would need
url = "http://192.168.1.254/login/xslt?PAGE=login_post"
You have to send all input which you see in form - especially hidden.
Sometimes it may need even submit.
And you should use name= as key, not id=
payload = {
'NONCE': '0abc59f54121398',
'THISPAGE': '',
'NEXTPAGE': 'C_2_1',
'CMSKICK': '',
'ADM_PASSWORD': '*access code*'
}
If you use post() with data= or json= then it should automatically set correct value in Content-Type and Content-Length and you don't have to set it in headers.
You may also first run get() to page with form because it may set cookies which server/device may also check.
Problem can be only if page uses JavaScript to generate some extra data in form and it would need to use Selenium - but it would need to write all with Selenium
Sometimes I send request to https://httpbin.org/post and it sends me back all headers, cookies, post data which it get from me and I can compare it with data which I see in DevTools.
Evetually I use local proxy server Charles and use it in browser and in Python to see if code sends the same data as browser.

Send HTTP POST to another website from my site

I am trying to send http post request from my site to another site
This is the detail i have the action page i have but its not below
POST COMMENT;
name=user&pass=password&form_build_id=form-od3MFMsKIL_5vCQtPmiv0AVf0tFwBuWj6iW7eP2-8&form_id=user_login_block&op=Log+in
Then on my site
I placed a html code:
<form action="http://sitename.com" method="post">
<input name="user" pass="pass" form_build_id="form-od3MFMsKIL_5vCQtPmiv0AVf0tFwBuWj6iW7eP2-8" form_id="user_login_block&op=Log+in" />
<input type="submit" />
</form>
Then when i send submit it goes to the login page but it doesnt fill in the user and pass.
Can someone tell me what im doing wrong.
You're misusing <input> tags.
You need to have a separate <input> tag for each value in the POST:
<input name="name" value="user" />
...

Posting data to ASP.NET application

I have an application into which I wish to allow users to enter login details for their own websites. One of authentication methods is 'forms'. The way I had envisaged it working, is the users entering the method & action of their login form, and the name/value for each credential item, e.g. one for username, one for password. My application would then post this data in order to simulate a login, get the returned authentication cookie and be able to work on their site as if logged in.
In principle, this sounded like a reasonable kind of thing to do. However, as I'm sure you're aware, ASP.NET has a lot of inputs, and also hidden ones, e.g. __VIEWSTATE, which are all always posted back to the server whenever the ASP.NET form is submitted e.g. when a real user logs in. When my app tries to login however, it doesn't have the full list of inputs on that page, and their values, e.g. the always changing __VIEWSTATE.
My question: is there a way to post data to an ASPX page, posting only certain inputs, and excluding others, e.g. __VIEWSTATE?
If the page were, say, PHP it would probably look like this:
Ex. 1:
...
<div id="header">
<form action="search.php" action="POST">
<div id="search">
<input type="text" name="query" id="SearchQueryText" value="Search query" />
<input type="button" name=submit" id="SearchSubmitButton" value="Search!" />
</div>
</form>
<form action="login.php" action="POST">
<input type="text" name="uname" id="Username" value="Username" />
<input type="text" name="passwd" id="Password" value="Password" />
<input type="button" name=submit" id="LoginSubmitButton" value="Login" />
</form>
...
</div>
...
in ASP.NET Web Forms, however, through the use of server controls, it'd probably look like:
Ex. 2:
...
<body>
<form name="AspNetForm" method="post" action="/Products/SomethingOrOther.aspx" id="Form" enctype="multipart/form-data">
<div id="header">
<div id="search">
<input type="text id="ctl00$SearchComponent$SearchBox" name="ctl00$SearchComponent$SearchBox" value="Search query" />
<input type="submit" id="ctl00$SearchComponent$SearchSubmit" name="ctl00$SearchComponent$SearchSubmit" value="Search!">
</div>
<div id="login">
<input type="text id="ctl00$LoginComponent$Username" name="ctl00$LoginComponent$Username" value="Username" />
<input type="text" id="ctl00$LoginComponent$Password" name="ctl00$LoginComponent$Password" value="Password">
<input type="submit" id="ctl00$LoginComponent$LoginSubmit" name="ctl00$LoginComponent$LoginSubmit" value="Login">
</div>
</div>
...
</form>
</body>
...
With example 1, submitting the login form is a simple case of POSTing uname=something&passwd=somethingelse to login.php, however, in ASP.NET, because all inputs are wrapped in a 'global' <form>, to submit the login inputs, you have to submit the global form, and therefore all the inputs.
So what I'm after, is a way to submit only certain inputs in that global form, e.g. not __VIEWSTATE, which we can't know without probing the page beforehand.
You can use AJAX to post back the values to a specific page. In general, Web Forms is designed to post back all data on the page when you trigger a server side event. You then choose which elements/values to use in your code. If you don't want to use view state on a element, you can disable it (e.g. EnableViewState=False).
You can use asp.net page same as asp classic.
In html action you can put the aspx page from and then you have to take that.
then you can use request object of asp.net to retrive data from form. Same you can create a html form in string and put that via putting it into panel control.
Then you can asp.net button as submit button.

IE not offering to save passwords on my login page

I'm developing a basic login page in ASP.NET.
The page includes an email field, a password field and a submit button.
For some reason Internet Explorer doesn't offer to remember the login info, while other browsers such as Firefox & Chrome do.
For other pages (Gmail, Twitter etc.) IE als offers to remember password.
Please note that I am not using a username that I previously asked IE not to remember the password for.
Basically, how does IE recognize a login page, and why won't it recognize mine as such?
Thanks
I had similar problem while developing simple login form which submits itself by tag <a> instead of <input type="submit">. But the form was not developed under ASP.NET (which i do not know what is).
The problem was solved thank to the following article: http://blogs.msdn.com/b/ieinternals/archive/2009/09/11/troubleshooting-stored-login-problems-in-ie.aspx
The article discusses main prolems with occurence of "remember password" dialog in IE. My case was number 5 in that article. I inserted AutoCompleteSaveForm() method before submit() one and IE started to display the dialog.
Breafly speaking, the incorrect form code was:
<form action='javascript:void(0)' method='post' id="form_id" >
<input type="text" id="login_text" /><br/>
<input type="password" id="password" /><br/>
Login
<form/>
The correct one was:
<form action='javascript:void(0)' method='post' id="form_id" >
<input type="text" id="login_text" /><br/>
<input type="password" id="password" /><br/>
Login
<form/>
Hope this helps.
Best Regards,
Ilya.
I know this post is quite old but I was running into this same problem. My issue was that I had converted the Login control to a template and because of styling concerns I changed the default asp:Button to an asp:LinkButton.
Internet Explorer apparently looks for an <input> tag in order to save passwords. The link button renders an <a> tag so IE wasn't recognizing my Login control as a valid login form.
Hope this helps!

Really Weird ASP.Net Reserved Request.Form key name

I seem to have stumbled across a really weird issue when posting a static HTML page to an ASP.NET page:
Example:
<form action="Kiosk.aspx" method="post">
<input type="hidden" id="key" name="key" value="1234" />
<input type="hidden" id="action" name="action" value="download" />
<input id="btnGo" type="submit" value="Download" />
</form>
When I call it using
string strKioskKey = incomingWebContext.Request.Form["key"];
it always returns null - if I change both the parameters to "key1" it works sweet...
But the question is WHY? I have never heard of a reserved word for requests.
I cannot reproduce this. Your problem lies elsewhere.
You may wish to try and re-create the problem as a small standalone app, and see at what point you can reproduce it (run it locally, then on your dev/live environment).

Resources