eventvalidation error for screen scraping
I'm trying to scrape the login page of a site I work on and submit a username/password via code to log into the site. I want to do this in a checking service for site health reasons. I'm running into a few issues, the first of which deals with getting this message:
Exception information:
Exception type: ArgumentException
Exception message: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.
I've found sites that say I'd have to turn eventvalidation off, but I don't want to do that for security reasons. Is there a way to get around this?
Here is the code. I basically took it right off K. Scott Allen's article here: http://odetocode.com/Articles/162.aspx
StringBuilder sb = new StringBuilder();
var encryptedConnectionString = Glob开发者_Python百科alDataObject.EncryptSecure("conn string here", GlobalDataObject.Seed);
sb.AppendFormat("client_id={0};", "client");
sb.AppendFormat("client_directory={0};", "client");
sb.AppendFormat("user_id={0};", "12");
sb.AppendFormat("conn_string={0};", encryptedConnectionString);
StringBuilder cookiesString = sb;
HttpWebRequest webRequest = WebRequest.Create("http://localhost/site/login.aspx?c=client") as HttpWebRequest;
webRequest.Headers.Add("Cookie", cookiesString.ToString());
StreamReader responseReader = new StreamReader(
webRequest.GetResponse().GetResponseStream()
);
string responseData = responseReader.ReadToEnd();
responseReader.Close();
// extract the viewstate value and build out POST data
string viewState = ExtractViewState(responseData);
string postData = string.Format("__VIEWSTATE={0}&Login1$Password={1}&Login1$UserName={2}&Login1$LoginButton={3}",
viewState,
HttpUtility.UrlEncode(username),
HttpUtility.UrlEncode(password),
"Log In");
// have a cookie container ready to receive the forms auth cookie
CookieContainer cookies = new CookieContainer();
// now post to the login form
webRequest = WebRequest.Create("http://localhost/site/login.aspx") as HttpWebRequest;
webRequest.Method = "POST";
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.CookieContainer = cookies;
// write the form values into the request message
StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
requestWriter.Write(postData);
requestWriter.Close();
webRequest.AuthenticationLevel = AuthenticationLevel.None;
// we don't need the contents of the response, just the cookie it issues
webRequest.GetResponse().Close(); ///ERROR HAPPENS HERE
// now we can send out cookie along with a request for the protected page
webRequest = WebRequest.Create("http://localhost/site/user/home.aspx") as HttpWebRequest;
webRequest.CookieContainer = cookies;
responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
// and read the response
responseData = responseReader.ReadToEnd();
responseReader.Close();
return responseData;
Thanks.
The idea of this error is that it's looking out for requests that are malformed in way that might compromise the app. Being as how it's a login page, I bet you're not trying to pass in unencoded HTML or something.
Edit: Capture the built-up event validation data and send that back with the login request, same as the viewstate.
精彩评论