1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Login using C#

Discussion in 'XenForo Development Discussions' started by Johan Ehrendahl, Sep 22, 2014.

  1. we are trying to login into our studio forums using C#, and it doesn't work (We get
    Error 503 (Server is unavailable)). Any ideas if its possible and/or how to make it work?

    note: It doesn't work with POST through the web-browser either.

    Cheers! :)

    HttpWebRequest http WebRequest.Create("http://reperio-studios.net/index.php?login/login") as HttpWebRequest;
    http.Host "reperio-studios.net";
    http.KeepAlive true;
    http.Method "POST";
    http.AllowAutoRedirect true;
    http.Referer "http://reperio-studios.net/index.php";
    http.Accept "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
    http.UserAgent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 OPR/24.0.1558.61";
    http.ContentType "application/x-www-form-urlencoded";
    string postData "login=" labelName.Text "&register=0&password=" writableField1.GetText() + "&remember=1&cookie_check=0&redirect=%2F&_xfToken=";
    byte[] dataBytes UTF8Encoding.UTF8.GetBytes(postData);
    http.ContentLength dataBytes.Length;

    using (Stream postStream http.GetRequestStream())

    HttpWebResponse httpResponse http.GetResponse() as HttpWebResponse;
    http WebRequest.Create("http://reperio-studios.net/") as HttpWebRequest;
    http.CookieContainer = new CookieContainer();
    http.AllowAutoRedirect false;
    HttpWebResponse httpResponse2 http.GetResponse() as HttpWebResponse;
                catch (
    Exception ex)
    MessageBox.Show(ex.Message"Catch Debug");
  2. Jeff Berry

    Jeff Berry Well-Known Member

    What do you mean by this? It certainly works by post through the web browser, as that is how you are able to login to XF.

    I don't think the xfToken is optional. That could be part of your problem, though I don't believe that would cause a 503 error.
  3. With or without the xfToken, it doesn't' work on the C# code (still gives 503 error). And trough the web-broswer, I mean via POST (which is the URL it creates to login), not clicking on the actual login button.
    An example of what I'm talking about:
  4. JackBauer

    JackBauer Member

    I think your problem is you are not POSTing anything.

    That is an HttpGet request (the form data is in the query string). To do an HttpPost, just submit a form with the fields to the login URL:

    <form action="index.php?login/login">
    <input type="text" name="login" />
    <input type="password" name="password" />
    The xfToken field is not required. If you want to redirect after authentication, include a field named redirect.
  5. Jeff Berry

    Jeff Berry Well-Known Member

    This is incorrect. Please see XF's documentation and source code. All POST requests require a token. However, for guests (which is what he will be until he logs in) the token is not validated.

    Also, he is trying to login using a custom C# application, so I don't think a redirect is relevant. His will be more of a JSON response.
    * Checks a request for CSRF issues. This is only checked for POST requests
    * (with session info) that aren't Ajax requests (relies on browser-level * cross-domain policies).
    * The token is retrieved from the "_xfToken" request param.
    * @param string $action
    protected function _checkCsrf($action)
        if (isset(
    self::$_executed['csrf'] = true;

        if (!

        if (
    $this->_request->isPost() || substr($this->getResponseType(), 02) == 'js')
    // post and all json requests require a token
    The example you've sent just links me to your homepage, I'm not sure what you're trying to show there.

    There are only four places in XF's source code that throw a 503 error.

    1) If an upgrade is currently pending (the files you've uploaded don't match the version stored in the database, this is most likely not the case)
    2) If your board is not active (which it obviously is, because I'm able to see it)
    3) If news feeds are disabled and you try to view a user's news feed
    4) Similarly, if trying to view recent activity and news feeds are disabled

    You're positive it was a 503 error? From the login process I can see the potential for a 405 error if your request is not a POST. Cookies are also required. Is your C# application properly creating and storing a cookie before it makes the request?

Share This Page