Home/ Questions/Q 9210533
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T01:06:08+00:00

I have the following code which connects to my php server and retrieves data

  • 0

I have the following code which connects to my php server and retrieves data from it. The only thing is, I need to send the username and password securely from this webrequest to the PHP server. Looking at the docs for the webrequest class, there is a credentials property as well as a preauthenticate property. I’m assuming these are for the network credentials (all my users are in AD).

Is it possible to secure this post request with credentials or is this just a bad idea? I’ve also found SetBasicAuthHeader – I’ll read up on this and see if it might help. All traffic will be on SSL from ASPX site to the PHP site

    // variables to store parameter values
    string url = "https://myphpserver.php";

    // creates the post data for the POST request
    string postData = "Username=" + username + "&Password=" + "&UID=" + UniqueRecID;

    // create the POST request
    HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
    webRequest.Method = "POST";
    webRequest.ContentType = "application/x-www-form-urlencoded";
    webRequest.ContentLength = postData.Length;

    // POST the data
    using (StreamWriter requestWriter2 = new StreamWriter(webRequest.GetRequestStream()))
    {
        requestWriter2.Write(postData);
    }

    //  This actually does the request and gets the response back
    HttpWebResponse resp = (HttpWebResponse)webRequest.GetResponse();

    string responseData = string.Empty;

    using (StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream()))
    {
        // dumps the HTML from the response into a string variable
        responseData = responseReader.ReadToEnd();
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    SetBasicAuthHeader is for HTTP Basic Access Authentication so won’t help here as you’re handling authentication at application level. Really, this is no more insecure than just going to the page in a browser. I see you’re using SSL so your request will be encrypted anyway and you have nothing to worry about.

    If you’re concerned for some other reason (although I can’t think why), it sounds like you have control over the PHP end so you could just encrypt the password and add an extra POST parameter so the server knows to decrypt it.

    • 0