none
Bypass siteminder page in vb.net using HttpWebResponse) RRS feed

  • Question

  • All,

      Please help. I created a vb.net web page to check if different applications page on our website our up. I've looked around and see where theirs a few fixes but it seems they are web form applications or are very complicated.  I loggin into a page that passes Siteminder authentication. I then grab the server variables and try to put them into the request objects to send to Siteminder intercepted pages for login confirmation. My code is below, please let me know of any suggestions.

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
     If Not Request.ServerVariables("HTTP_UUPIC") = "" Then

                    bValidUser = SecurityManager.Authenticate(Request.ServerVariables("HTTP_UUPIC"), Request.ServerVariables("HTTP_UUPIC"), dsUserInfo)
                    If bValidUser Then
                        ServerVariables(1)
                      'get smsession variable but value is null
                       Session("smsession") = IIf(Response.Cookies("SMSESSION").Value = Nothing, "", Response.Cookies("SMSESSION").Value)
                      TestConnection(1,URL,bConnected)
                    end if
    End sub
    Private Function TestConnection(ByVal iType As Integer, ByVal strUrl As String, ByRef bConnected As Boolean, Optional bKeepAlive As Boolean = False, Optional strOtherURL As String = "x") As Boolean
        Dim url As String = strUrl 'url of main page of target page
                    Dim uri = New Uri(url)
                    Dim cookies As CookieContainer = New CookieContainer()
                    Dim request As HttpWebRequest
                    request = WebRequest.Create(url)
                   'Add Request.ServerVariables to header in request that have http in server variable since that is what ca says it uses                  to verify login
                    ServerVariables(3, request)
                    request.AllowAutoRedirect = False
                    'set referer since check in page
                    request.Referer = "home/main.aspx"
                   'add cookie we create to request object
                    AddtoCookie(cookies, uri)
                    request.CookieContainer = cookies
                    request.KeepAlive = bKeepAlive
                    request.UserAgent = useragent
                    ServicePointManager.ServerCertificateValidationCallback = AddressOf ValidateRemoteCertificate
                    ServicePointManager.Expect100Continue = True
                    ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)
                    ServicePointManager.DefaultConnectionLimit = 9999
                    Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
                      url = response.Headers("Location") 'get eauth page
                        request = WebRequest.Create(url)
                        request.AllowAutoRedirect = False
                        Dim smCookie As Cookie = New Cookie("SMSESSION", Session("smsession").ToString())
                         response = CType(request.GetResponse(), HttpWebResponse)
                        response.Cookies.Add(smCookie)
                        request = WebRequest.Create(url)
                        'do a post to page to send values
                         request.Method = "POST"
                         ServicePointManager.ServerCertificateValidationCallback = AddressOf ValidateRemoteCertificate
                        ServicePointManager.Expect100Continue = True
                        ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)
                        ServicePointManager.DefaultConnectionLimit = 9999
                        request.Referer = "home/main.aspx"
                        request.CookieContainer = cookies
                        response = CType(request.GetResponse(), HttpWebResponse)
                        response.Cookies.Add(smCookie)
                       If (response.StatusCode = HttpStatusCode.OK) Then
                            Dim receiveStream As Stream = response.GetResponseStream()
                            Dim readstream As StreamReader = Nothing
                            If (response.CharacterSet = Nothing) Then
                                readstream = New StreamReader(receiveStream)
                            Else
                                readstream = New StreamReader(receiveStream, Encoding.GetEncoding(response.CharacterSet))
                            End If
                            result = readstream.ReadToEnd()

                            readstream.Close()
                          'still on Siteminder login page for some reason
                             end if
    end function

      Sub ServerVariables(ByVal iType As Integer, Optional ByRef response As HttpWebRequest = Nothing, Optional ByRef strval As String = Nothing)
      If iType = 1 Then
                Dim heads As NameValueCollection = Context.Request.ServerVariables
                Dim dthead As New DataTable
                Dim loop1, loop2 As Integer
                dthead.Columns.Add("Key")
                dthead.Columns.Add("Value")
                Dim arr1 As String() = heads.AllKeys
                Dim strkey As String
                For loop1 = 0 To arr1.Length - 1
                    strkey = arr1(loop1).ToString()
                    If strkey.IndexOf("HTTP_") <> -1 Then
                        Dim arr2 As String() = heads.GetValues(arr1(loop1))
                        If Not IsNothing(arr2) Then
                            For loop2 = 0 To arr2.Length - 1
                                dthead.Rows.Add(strkey, Server.HtmlEncode(arr2(loop2).ToString()))
                            Next
                        Else
                            dthead.Rows.Add(strkey, "")
                        End If
                    End If
                Next
                dthead.AcceptChanges()
                Session("eBudget_header") = dthead
       Else ' add header from logged in page to source page
                Dim dt As New DataTable
                dt = CType(Session("ebudget_header"), DataTable)
                For Each row As DataRow In dt.Rows
                    Request.Headers.Add(row("Key"), row("Value"))
                Next
    end if
    end sub

    Wednesday, August 14, 2019 3:05 AM

All replies