Home/ Questions/Q 3667100
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T01:57:35+00:00

I’m almost 100% sure I have ready every post on the internet that contains

  • 0

I’m almost 100% sure I have ready every post on the internet that contains the keywords asp login curl php .ASPXAUTH, but I have been unable to find a solution. I am more of a code hacker than elegant developer though, so I hope that someone can help me please.

I have a curl script that logs in to two other websites to submit forms from behind the login successfully. However, I’ve recently tried to use a variation of this script for a third website. It works as far as returning the first page after login but then it treats any further cURL calls as if I haven’t logged in. I discovered (well I think) that it’s to do with the .ASPXAUTH cookie not being set. I do have a cookiefile and cookiejar setup in my cURL code and it catches the .ASP.NET_SessionID successfully, but not the .ASPXAUTH cookie.

I noticed that I can see the .ASPXAUTH cookie value in the headers when I watch “Live HTTP headers” but I can’t get my cURL script to return the header with this set-cookie very easily. It seems that the cookie is set on a 302 after login and cURL is not handling this correctly. So I turned off CURLOPT_FOLLOWLOCATION and was trying to handle the redirect myself but I still can’t get it right (the server returns a really strange redirect url and I don’t think I’m doing this part right)

But I would be very grateful if someone could please help me…

Here is my code:

    //setup Curl
  $cookiename = substr($from,4,5);
  $cookiefile = $cookiename . ".txt";
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  curl_setopt($ch, CURLOPT_HEADER, 1); 
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (Windows; MSIE 6.0; U; Windows NT 5.1)");
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
  curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);

  //read login page
  curl_setopt($ch, CURLOPT_URL, "Login.aspx"); 
  $result = curl_exec ($ch);

  echo $result;



  // extract values for hidden form fields __REQUESTDIGEST __VIEWSTATE __EVENTVALIDATION fields

  //extract __REQUESTDIGEST
  $start = strpos($result,"id=\"__REQUESTDIGEST\" value=\"") + 28;
  $end = $start + 157;
  $rdigest = substr($result  , $start  , $end - $start );

  //extract __VIEWSTATE
  $start = strpos($result,"id=\"__VIEWSTATE\" value=\"") + 24;
  $end = $start + 16300;
  $vstate = substr($result  , $start  , $end - $start );
  $vstate = urlencode($vstate);

  //extract __EVENTVALIDATION
  $start = strpos($result,"id=\"__EVENTVALIDATION\" value=\"") + 30;
  $end = $start + 120;
  $event = substr($result  , $start  , $end - $start );
  $event = urlencode($event);


  //set login form values and login

  //curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_REFERER, 'Login.aspx');
  curl_setopt($ch, CURLOPT_HEADER, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, '__REQUESTDIGEST=' . $rdigest . '&__VIEWSTATE=' . $vstate . '&__EVENTVALIDATION=' . $event . '&UserName=' . $from . '&Password=' . $password);
  $result = curl_exec ($ch);

  echo $result;

  //extract __redirect
  $start = strpos($result,"Location:") + 10;
  $end = strpos($result,".aspx") +5;
  $redirect = substr($result  , $start  , $end - $start );
                $redirect = "https://www.domain.com/" . $redirect;

  echo $redirect ."<br /><br />";

  echo $result;

  curl_setopt($ch, CURLOPT_URL, $redirect);
  $result = curl_exec ($ch);

  echo $result;

And here is the output:

    //Login page headers
HTTP/1.1 200 OK Date: Tue, 30 Nov 2010 12:57:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 81835 
//Login page body

Submit login page headers
HTTP/1.1 100 Continue HTTP/1.1 302 Found Date: Tue, 30 Nov 2010 13:40:30 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Location: /(F(RZPDiDBb9OPbTuBnj2RAgH8KglRdj4B4u8trRMpa6QbBjff4evKMtHnOFNyX046Xdr33PZA3-6dHoZjxQpeZ7aNTevF75gArtpeScCjE9fI1))/default.aspx Set-Cookie: ASP.NET_SessionId=bhugr045cyybck45xvhpeb55; path=/; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 82196


//Redirect page body

//The login page body is displayed again

//More headers
HTTP/1.1 100 Continue HTTP/1.1 500 Internal Server Error Date: Tue, 30 Nov 2010 13:29:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 3026 

//Error message from server
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I updated my useragent line to a different user agent and suddenly the .ASPXAUTH cookie was set correctly (and automatically) in the cookie file 🙂

    In otherwords I changed this line:

    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (Windows; MSIE 6.0; U; Windows NT 5.1)");

    to this:

    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)");

    And now both cookies are set automatically by curl – no problem.

    Hooray!

    • 0