I am trying to achieve a successful POST to an ASPX (ASP.NET) page (an external site) using cURL.
Since I don’t care much for the looks of the page (it is all done on the server side), I am not sending ANY the arguments
__VIEWSTATE, __EVENTVALIDATION, __EVENTTARGET, and __EVENTARGUMENT, not even empty, but I do send the real data.
How crucial is it to POST these arguments to the ASP.NET server?
I am not an ASP.NET programmer, but I might suspect that __EVENTVALIDATION might give me some hard time here(?). Or is this something between the browser and the server that I don’t need to care much for?
If this is crucial, how can I imitate these variables so the server accepts POSTS?
In general, you can not eliminate these values.
The ViewState and the EventValidation are critical – unless the other side has disabled them. If the other side use them and do not find them on postback, a throw error appears, and it depends on the program how it handles it.
The ViewState contains information that the page needs to use after the postback.
The EventValidation contains a key that validates the postback controls to be sure that you do not try to trigger any command that does not have permission, or send any argument that does not have permission to run.
Let’s gives you an example: Let’s say that I have a control that send a number, 43, and a button that trigger the postback, and I ask the information for id 43. The EventValidation takes care that you can not make a script and ask for all the numbers with any id and get any result that you may think.