If I have a Selenium test which is currently logged in (with HTTP Authentication) to a particular website, how can I cause the remote browser to forget the current authentication so that I can log in as a different user (while remaining within the same test)?
Is this basic authentication? If it is, you can modify the basic auth header in your request to log in as a new user. You'll have to use Selenium server as a proxy in order to modify the request headers, however.
It depends how you are handling authentication.
If you are doing it via a cookie that gets checked server side you could do deleteCookie or if you want to delete all of them on the page you could do deleteAllVisibleCookies
If you are keeping it within a JavaScript you could just use getEval and delete whats in the variables.
Related
I have just started to learn C# and Asp.Net and I have a specific project in mind but I need to be able to manipulate cookies client side and I can't find good documentation for this so I decided to ask for help to get a starting point.
I want to make a desktop application that is a little to complex for my actual knowledge but I need a starting point: I need to be able to load a list of usernames and passwords and proxies and proxyuser and proxy pass. This little part of the application will use the accounts and proxies to login to a webpage using httpclient. When I send a GET request to the login page I get back a response that contain some hidden parameters that I must assign to some variables and a cookie. I don't know how to save that cookie in a location that I choose (the application folder under the "cookies" folder) with the name that I choose (the username used for login should be the name of that cookie). After I sort thru the response I have to send a POST request to the server with all the hidden parameters and the user and pass parameters and the cookie. The server will send back a response with another cookie that I want to save in the same location as the first one with the same name (overwritten ). This cookie will be used later in the program to do other actions on that server under that login. All this requests must use a certain proxy with its credentials, proxy that will change every time I use a new login.
I managed to find out how to use the HTTP Client from Asp.Net Web API to send the get req or to post but I have no idea how to get such a control over cookies that the site want to store on my computer and how to use different private proxies for each login... I did all the above using PHP and CURL and is very easy to control the cookies using cURL but I need to do it in C# and make a desktop app so ... Asp.Net Web API and HTTP Client is the key I think...
Please give me a hand to start my project and don't dismiss my question just because I'm to noob with .net or c# :)
Thank You!
Get this library http://nuget.org/packages/Microsoft.Net.Http/
Create an instance of HttpClientHandler. It has a CookieContainer property. You can set all the cookies you want in there.
Create an instances of HttpClient as pass the HttpClientHandler instance into the constructor.
All HTTP requests you make with HttpClient will now have the cookies attached.
I am trying to invoke an SSL based Report server url from within a flex application. I cannot enable Anonymous authentication due to SQL 2008 R2 RS. I am passing credentials with the header by adding Authentication Basic encoded(uname:pwd) header.
The first call that goes out as post comes back with a valid response and my toolbar on top of reports show up fine. But the subsequent calls that the report server url makes internally to get style sheet and the main content etc goes out without the Authentication header, so I get a response back with Unauthorized and user is prompted to enter uname/pwd again.
Is there way to keep the credentials in the session.
No, you will have to send the credentials with every request.
Edit
So I assume your call opens a new window (HTML) where your report will be rendered.
The credentials for Basic Authorization is requested once by the browser first, it keeps it on memory and sends it for you on the next requests.
Try opening a new window and setting the credentials to the browser first, not to the request. Call your link and the browser will take care of that for you.
Here's the situation, I've got a console application that needs to run once a day and make a few requests to pages that require authentication to view. The pages are hosted in a really basic ASP.Net Web Application.
So, I know that in order for the requests to go through successfully I have to authenticate with the server. So I've hooked up the console application to the ASP.Net Membership Provider I'm using for the web app and it successfully determines if a set of a credentials are valid. However, after calling Membership.ValidateUser() any requests I make just get the login screen. After doing some reading it seems that this is because I'm missing the important cookie information that persists my login or what-have-you.
I'm using a basic WebClient to make the requests and then reading/discarding the result.
So the meat of the question is this: Is there a simple way to validate the login information and hold on to it so that I can make the requests successfully, or is this the exact same case as the other two questions I found that require the WebClient to make a "manual" login request to the login.aspx page and try to hold on to the cookie from there?
The questions I'm referencing are:
Authenticating ASP.NET MVC user from a WPF application
and
Login to website and use cookie to get source for another page
With FormsAuthentication the webserver has to generate a Forms Authentication Ticket for you. The best (only?) way to do this is to log into the site, so I'd just log in like the other questions.
If the intent is to send data to the server and/or get data from the server, then the most logical architecture is probably to create a web service using either ASMX or WCF. Then configure the service to use a security token, such as a username token or a SAML token. This will make the client less likely to break when the server code changes its data model.
Otherwise, if you wish to use only a basic WebClient, then you will have to find a way to pass your credentials to the login page and retain the login cookie that is returned from the login request. Then, make sure that the login cookie is included on all subsequent requets, similar to the Stack Overflow question that you referenced, "Login to website and use cookie to get source for another page".
We are implementing a single sign on mechanism in an enterprise environment, where the token is shared between applications using HTTP header. Now, in order to do the integration test, I need to write an application to simulate this.
Is there any way in ASP.NET where I can redirect to another web-page and pass a custom HTTP header in the process?
Thanks
You need to create a page on Site B that Site A redirects the user too that sets a cookie with the desired value.
for instance.
http://siteb.com/authenticate.aspx?authtoken=15128901428901428904jasklads&returnUrl=http://siteb.com/index.aspx
authenticate.aspx would set a cookie and then every request would receive authtoken.
The server could send the HTTP header to the client on a redirect, but the client would not send it back to the other remote server.
The ideal solution in this case would be to use a Cookie, or a QueryString variable. Cookies may suffer from cross-domain issues and become complicated if host names are different enough.
In any of these approaches, one must be careful not to create a security hole by trusting this information as it is user input coming back from the client (or some black hat).
How do I use the App Pools Crendentials to authenticate a WebRequest?
I have a web site that call a page from itself, but I keep getting 401....
I don't think that is going to work. What type of authentication are you using for this website? You might consider making a mirror page of the one you are requesting, opening up the security for that page, but requiring a token to be passed in the URL. You could store the token in cache before you make the request, and then compare when the request comes in.
Why are you doing this, to print PDFs or something?