Curl Authorization On ASP.NET Site With EventValidation RRS feed

  • Question

  • User1585979964 posted

    Hello! Need to authorize in an ASP.NET website with curl. It has /Login.aspx webpage, it does recursive redirects and sets up cookies.

    After setting up cookies Login.aspx shows login form - login, passwd there and also hidden inputs __VIEWSTATE, __EVENTVALIDATION that have base64 values.

    I do insert input names and values into curl requies and send cookies file.

    But page gives me error here:

    $ curl -L --cookie-jar cj5 --cookie cj4 -X POST 'https://url.to/Login.aspx' \
      -d "__VIEWSTATE=/HASHbigHASHthere=" \
      -d "__EVENTVALIDATION=/theSAMEthingsHEREhashMYhash==" \
      -d "login=znavko" \
      -d "passwdline=pips11"
    <!DOCTYPE html PUBLIC...>
    System.ArgumentException: Invalid postback or callback argument.
     Event validation is enabled using <pages enableEventValidation="true"/&gt in configuration
     or <%@ Page EnableEventValidation="true" %&gt in a page.  
    For security purposes, this feature verifies that arguments to 
    postback or callback events originate from the server control 
    that originally rendered them.  If the data is valid and 
    expected, use the ClientScriptManager.RegisterForEventValidation 
    method in order to register the postback or callback data for validation.

    Can you advise how to use EventValidation in curl? Also is it rigt to write base64 as it is or how to escape / and =

    Monday, September 17, 2018 11:25 AM

All replies

  • User1724605321 posted

    Hi znavko ,

    I would suggest send a post web request as the equivalent of a CURL operation to avoid events validation error . You can use the Credentials property to assign your Username/Password credentials and the Header property to add your custom headers :

    // Build a web request
    WebRequest yourWebRequest = WebRequest.Create(url);
    // Indicate the method was a POST
    yourWebRequest.Method = "POST";
    // Define your target
    string yourTarget = "http://www.domain.com/YourPage.aspx";
    // Build your web request
    WebRequest yourWebRequest = WebRequest.Create(url);
    yourWebRequest.Method = "POST";
    // Build your credentials
    string username = "username";
    string password = "password";
    // Establish credentials (if necessary)
    CredentialCache yourCredentials = new CredentialCache();
    yourCredentials.Add(new Uri(yourTarget), "Basic", new NetworkCredential(username, password));
    // Set your credentials for your request
    yourWebRequest.Credentials = yourCredentials;
    // Add basic authentication headers (if necessary)
    yourWebRequest.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(new ASCIIEncoding().GetBytes(String.Format("{0}:{1}",username,password))));
    // Build your response
    WebResponse yourWebResponse = yourWebRequest.GetResponse();
    // Get your response stream
    using(var reponseStream = wr.GetResponseStream())
          // Build a reader to read your stream
          using(var responseReader = new StreamReader(reponseStream, Encoding.UTF8))
                // Get your result here
                string content = reader.ReadToEnd();

    Reference : https://forums.asp.net/t/1989307.aspx?How+to+make+cURL+request+in+asp+net 

    Other options :

    • HttpWebRequest/HttpWebResponse
    • WebClient
    • HttpClient (available from .NET 4.5 on)

    Best Regards,

    Nan Yu

    Tuesday, September 18, 2018 2:08 AM