Curl Authorization On ASP.NET Site With EventValidation

  • Question

  • User1585979964 posted

    Hello! I need to authorize on an ASP.NET website with curl. It has a /Login.aspx webpage, which does recursive redirects and sets up cookies.

    After setting up cookies, Login.aspx shows a login form with login and passwd fields, and also hidden inputs __VIEWSTATE and __EVENTVALIDATION that have base64 values.

    I insert the input names and values into the curl request and send the cookies file.

    But the page gives me an error here:

    $ curl -L --cookie-jar cj5 --cookie cj4 -X POST 'https://url.to/Login.aspx' \
      -d "__VIEWSTATE=/HASHbigHASHthere=" \
      -d "__EVENTVALIDATION=/theSAMEthingsHEREhashMYhash==" \
      -d "login=znavko" \
      -d "passwdline=pips11"
    
    <!DOCTYPE html PUBLIC...>
    ...
    ...
    System.ArgumentException: Invalid postback or callback argument.
     Event validation is enabled using <pages enableEventValidation="true"/> in configuration
     or <%@ Page EnableEventValidation="true" %> in a page.  
    For security purposes, this feature verifies that arguments to 
    postback or callback events originate from the server control 
    that originally rendered them.  If the data is valid and 
    expected, use the ClientScriptManager.RegisterForEventValidation 
    method in order to register the postback or callback data for validation.
    ...
    

    Can you advise how to use EventValidation in curl? Also, is it right to write base64 as it is, or how do I escape / and =?

    Monday, September 17, 2018 11:25 AM
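
Added example, not part of the original thread: curl's `-d` sends a value exactly as written, so a `+` in a base64 field is decoded by the server as a space, and the hidden fields have to be percent-encoded before they are posted back. The sample HTML, the credentials and all helper names below are constructed for illustration, and the extraction assumes each hidden input is rendered on one line with `name` before `value`.

```shell
#!/bin/sh
# Constructed sample of a Login.aspx response; the base64 values are made up.
SAMPLE_HTML='<form method="post" action="./Login.aspx">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUK+abc/def==" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEdAAb+Xy/Z0=" />
</form>'

# hidden_value NAME: print the value attribute of the named input (HTML on stdin).
# Assumes name= precedes value= on one line.
hidden_value() {
  sed -n "s/.*name=\"$1\"[^>]*value=\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# urlencode STRING: percent-encode all but RFC 3986 unreserved characters (ASCII input).
urlencode() {
  s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}
    case $c in
      [a-zA-Z0-9.~_-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
}

# form_body USER PASS: build the urlencoded POST body from page HTML on stdin.
form_body() {
  html=$(cat)
  vs=$(printf '%s' "$html" | hidden_value __VIEWSTATE)
  ev=$(printf '%s' "$html" | hidden_value __EVENTVALIDATION)
  printf '__VIEWSTATE=%s&__EVENTVALIDATION=%s&login=%s&passwdline=%s' \
    "$(urlencode "$vs")" "$(urlencode "$ev")" "$(urlencode "$1")" "$(urlencode "$2")"
}

# post_login URL JAR USER PASS: GET the form, then POST it with the same cookie jar.
# A real form may need more fields (for example the submit button); copy them too.
post_login() {
  body=$(curl -sL -b "$2" -c "$2" "$1" | form_body "$3" "$4")
  curl -sL -b "$2" -c "$2" --data "$body" "$1"
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_HTML" | form_body alice 's3cret&x'; echo
```

curl can also do the encoding itself with `--data-urlencode "__VIEWSTATE=$vs"`, which replaces the `urlencode` helper when the values are passed one field at a time.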

All replies

  • User1724605321 posted

    Hi znavko,

    I would suggest sending a POST web request as the equivalent of a cURL operation to avoid the event validation error. You can use the Credentials property to assign your Username/Password credentials and the Headers property to add your custom headers:

    // Requires: using System; using System.IO; using System.Net; using System.Text;

    // Define your target
    string yourTarget = "http://www.domain.com/YourPage.aspx";

    // Build your web request and indicate the method is a POST
    WebRequest yourWebRequest = WebRequest.Create(yourTarget);
    yourWebRequest.Method = "POST";

    // Build your credentials
    string username = "username";
    string password = "password";

    // Establish credentials (if necessary)
    CredentialCache yourCredentials = new CredentialCache();
    yourCredentials.Add(new Uri(yourTarget), "Basic", new NetworkCredential(username, password));

    // Set your credentials for your request
    yourWebRequest.Credentials = yourCredentials;
    // Add basic authentication headers (if necessary)
    yourWebRequest.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(new ASCIIEncoding().GetBytes(String.Format("{0}:{1}", username, password))));

    // Build your response
    WebResponse yourWebResponse = yourWebRequest.GetResponse();

    // Get your response stream
    using (var responseStream = yourWebResponse.GetResponseStream())
    {
          // Build a reader to read your stream
          using (var responseReader = new StreamReader(responseStream, Encoding.UTF8))
          {
                // Get your result here
                string content = responseReader.ReadToEnd();
          }
    }

    Reference: https://forums.asp.net/t/1989307.aspx?How+to+make+cURL+request+in+asp+net

    Other options:

    • HttpWebRequest/HttpWebResponse
    • WebClient
    • HttpClient (available from .NET 4.5 on)

    Best Regards,

    Nan Yu

    Tuesday, September 18, 2018 2:08 AM