how get status code of a POST (302 object moved)

nkat

Member
Joined
Jun 29, 2022
Messages
18
Programming Experience
1-3
Hello!
consider the following scenario

an intranet website requires authentication. This is a form based authentication that returns a cookie that is used in consecutive requests to the website. When the form with a correct password is submitted via POST the site gives back this (see the picture below). Here, POST gets cookie assigned to it and this is the authentication cookie to be used. Also, notice how there are 2 results: one with Status = 302 and another one with Status = 200
d-4uJ4DQj72IPvTHEn6orpn4QGEvzpWCjPG9g2sPDs-o_9DxT6tPSzJe4jVTFEOWQuCytuGw4T4JhEs0_eA3m7eIgacijKHZ264HOhUTK_D2drBitt7vekFm98aw1SqjeS9660pBntBe0Sx1s-jwIXs


Below there’s a code that obtains the cookie

obtain cookie:
using System.Net;

var formVariables = new List<KeyValuePair<string, string>>();
formVariables.Add(new KeyValuePair<string, string>("login_maintenance", "$MAINTENANCE\\root"));
formVariables.Add(new KeyValuePair<string, string>("pwd_maintenance", "changeme1"));
var cookieContainer = new System.Net.CookieContainer();
HttpClientHandler handler = new HttpClientHandler();
handler.CookieContainer = cookieContainer;
var formContent = new FormUrlEncodedContent(formVariables);

HttpClient client = new HttpClient(handler);
var response =  Task.Run(() => client.PostAsync("http://localhost/app/admin/login.asp?act=login&s=DEFAULT", formContent)).Result;

string ServerCookieValue = "";
foreach( Cookie c in handler.CookieContainer.GetAllCookies())
{
    ServerCookieValue = c.Value;
    break;
}

Console.WriteLine(ServerCookieValue);


This works well, but to handle a wrong password the code needs to know the StatusCode of the first request. However, response.StatusCode always gives me just OK status without 200 or 302 code, no matter the right or wrong password as if this is the status of the second Result
1658481897229.png

Would someone please tell me how to get 302 Status of the first Result?
 
Why do you even have to worry about having the wrong password? I thought that you were an admin with the super user admin password trying to scrape that page? You should be informed at all times about the state of the password? Or are you not really on the official list of people of is supposed to have that password?
 
Hello!
Don't worry about that as 1) I certainly am 2) the app runs on my VM 3) using this example I'm just learning C# just like I'm reading A. Freemans book and asking around other C# related questions
Now, when we are certain that nothing goes on against any law, would you care to give an advice that relates to the issue?
 
Last edited:
Back
Top Bottom