Performing Submit Form using C #

0

The following HTML login form is available

  <form action="/Home/Login?ReturnUrl=%2f" method="post">
     <input name="__RequestVerificationToken" type="hidden" value="W3ndyLx5kkFIy_QKjOGhEYQoHFtF4kIMFxLIG42t2r5tJJKwnzCy1iMmLw8SFH6yIm7DnHiQqKAmOhKS-PSDnDDzNcfjxNWCCEDthaA5mAE1" />    
     <div  style="width: 40%; margin-left:36%;" >

    <h2>Login</h2>

    <div class="form-group">
        <label for="Usuario">Usu&#225;rio</label>
        <input class="form-control" data-val="true" data-val-required="Usuário Necessário" id="Usuario" name="Usuario" placeholder="Digite seu usuário" type="text" value="" />
        <span class="field-validation-valid" data-valmsg-for="Usuario" data-valmsg-replace="true"></span>
    </div>
      <div class="form-group">
        <label for="Senha">Senha</label>
        <input class="form-control" data-val="true" data-val-required="Senha Necessária" id="Senha" name="Senha" placeholder="Digite sua senha" type="password" />
         <span class="field-validation-valid" data-valmsg-for="Senha" data-valmsg-replace="true"></span>
      </div>

      <button type="submit" style="width: 100px" class="btn btn-success" value="Entrar">Entrar</button>
  </div>
</form>

I'm trying to login to this page using C #:

    private string Realizar(string url, string Usuario, string Senha)
    {
        string resultado = string.Empty;
        string strPost = "Usuario=" + Usuario + "&Senha=" + Senha + "&ReturnUrl=//";
        Stream myWriter = null;

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        byte[] send = Encoding.Default.GetBytes(strPost);
        request.Method = "POST";
        request.ContentLength = send.Length;
        request.ContentType = "application/x-www-form-urlencoded";
        request.Credentials = CredentialCache.DefaultCredentials;

        try
        {
            myWriter = request.GetRequestStream();
            myWriter.Write(send, 0, send.Length);
        }
        catch (Exception ex)
        {
            return ex.Message;
        }
        finally
        {
            myWriter.Close();
        }

        var response = (HttpWebResponse)request.GetResponse();
        if(response == null)
        {
            return "Erro";
        }
        using(StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            resultado = reader.ReadToEnd();

            reader.Close();
        }

        return resultado;

    }

However, when you run the function, it returns the following exception: The remote server returned an error:

  

(500) Internal Server Error.

Can anyone help me?

    
asked by anonymous 15.09.2016 / 14:46

1 answer

1

If no html exists the input __RequestVerificationToken

<input name="__RequestVerificationToken" type="hidden" value="W3ndyLx5kkFIy_QKjOGhEYQoHFtF4kIMFxLIG42t2r5tJJKwnzCy1iMmLw8SFH6yIm7DnHiQqKAmOhKS-PSDnDDzNcfjxNWCCEDthaA5mAE1" />

Action must probably have the [ValidateAntiForgeryToken]

The purpose of this attribute is to prevent access to your application by http requests originating from other applications. Ensuring that only the views of your application are able to submit requests for the "Decorated" Action with this attribute.

When trying to submit an HTTP request to an Action with this attribute, without sending the generated code to the input __RequestVerificationToken or entering a wrong value, a 500 error is generated on the server.

For more information:

Prevent Cross-Site Request Forgery (CSRF) Attacks in ASP.NET Web API XSRF / CSRF Prevention in ASP.NET MVC and Web Pages

    
24.10.2016 / 11:27