Bypass siteminder page in vb.net using HttpWebResponse)

  • Thread starter Thread starter jtngres
  • Start date Start date
J

jtngres

Guest
All,

Please help. I created a vb.net web page to check if different applications page on our website our up. I've looked around and see where theirs a few fixes but it seems they are web form applications or are very complicated. I loggin into a page that passes Siteminder authentication. I then grab the server variables and try to put them into the request objects to send to Siteminder intercepted pages for login confirmation. My code is below, please let me know of any suggestions.

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Not Request.ServerVariables("HTTP_UUPIC") = "" Then

bValidUser = SecurityManager.Authenticate(Request.ServerVariables("HTTP_UUPIC"), Request.ServerVariables("HTTP_UUPIC"), dsUserInfo)
If bValidUser Then
ServerVariables(1)
'get smsession variable but value is null
Session("smsession") = IIf(Response.Cookies("SMSESSION").Value = Nothing, "", Response.Cookies("SMSESSION").Value)
TestConnection(1,URL,bConnected)
end if
End sub
Private Function TestConnection(ByVal iType As Integer, ByVal strUrl As String, ByRef bConnected As Boolean, Optional bKeepAlive As Boolean = False, Optional strOtherURL As String = "x") As Boolean
Dim url As String = strUrl 'url of main page of target page
Dim uri = New Uri(url)
Dim cookies As CookieContainer = New CookieContainer()
Dim request As HttpWebRequest
request = WebRequest.Create(url)
'Add Request.ServerVariables to header in request that have http in server variable since that is what ca says it uses to verify login
ServerVariables(3, request)
request.AllowAutoRedirect = False
'set referer since check in page
request.Referer = "home/main.aspx"
'add cookie we create to request object
AddtoCookie(cookies, uri)
request.CookieContainer = cookies
request.KeepAlive = bKeepAlive
request.UserAgent = useragent
ServicePointManager.ServerCertificateValidationCallback = AddressOf ValidateRemoteCertificate
ServicePointManager.Expect100Continue = True
ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)
ServicePointManager.DefaultConnectionLimit = 9999
Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
url = response.Headers("Location") 'get eauth page
request = WebRequest.Create(url)
request.AllowAutoRedirect = False
Dim smCookie As Cookie = New Cookie("SMSESSION", Session("smsession").ToString())
response = CType(request.GetResponse(), HttpWebResponse)
response.Cookies.Add(smCookie)
request = WebRequest.Create(url)
'do a post to page to send values
request.Method = "POST"
ServicePointManager.ServerCertificateValidationCallback = AddressOf ValidateRemoteCertificate
ServicePointManager.Expect100Continue = True
ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)
ServicePointManager.DefaultConnectionLimit = 9999
request.Referer = "home/main.aspx"
request.CookieContainer = cookies
response = CType(request.GetResponse(), HttpWebResponse)
response.Cookies.Add(smCookie)
If (response.StatusCode = HttpStatusCode.OK) Then
Dim receiveStream As Stream = response.GetResponseStream()
Dim readstream As StreamReader = Nothing
If (response.CharacterSet = Nothing) Then
readstream = New StreamReader(receiveStream)
Else
readstream = New StreamReader(receiveStream, Encoding.GetEncoding(response.CharacterSet))
End If
result = readstream.ReadToEnd()

readstream.Close()
'still on Siteminder login page for some reason
end if
end function

Sub ServerVariables(ByVal iType As Integer, Optional ByRef response As HttpWebRequest = Nothing, Optional ByRef strval As String = Nothing)
If iType = 1 Then
Dim heads As NameValueCollection = Context.Request.ServerVariables
Dim dthead As New DataTable
Dim loop1, loop2 As Integer
dthead.Columns.Add("Key")
dthead.Columns.Add("Value")
Dim arr1 As String() = heads.AllKeys
Dim strkey As String
For loop1 = 0 To arr1.Length - 1
strkey = arr1(loop1).ToString()
If strkey.IndexOf("HTTP_") <> -1 Then
Dim arr2 As String() = heads.GetValues(arr1(loop1))
If Not IsNothing(arr2) Then
For loop2 = 0 To arr2.Length - 1
dthead.Rows.Add(strkey, Server.HtmlEncode(arr2(loop2).ToString()))
Next
Else
dthead.Rows.Add(strkey, "")
End If
End If
Next
dthead.AcceptChanges()
Session("eBudget_header") = dthead
Else ' add header from logged in page to source page
Dim dt As New DataTable
dt = CType(Session("ebudget_header"), DataTable)
For Each row As DataRow In dt.Rows
Request.Headers.Add(row("Key"), row("Value"))
Next
end if
end sub

Continue reading...
 
Back
Top