Login using C#

[Johan Ehrendahl]

we are trying to login into our studio forums using C#, and it doesn't work (We get
Error 503 (Server is unavailable)). Any ideas if its possible and/or how to make it work?

note: It doesn't work with POST through the web-browser either.

Cheers!

            try
            {
                HttpWebRequest http = WebRequest.Create("http://reperio-studios.net/index.php?login/login") as HttpWebRequest;
                http.Host = "reperio-studios.net";
                http.KeepAlive = true;
                http.Method = "POST";
                http.AllowAutoRedirect = true;
                http.Referer = "http://reperio-studios.net/index.php";
                http.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
                http.UserAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 OPR/24.0.1558.61";
                http.ContentType = "application/x-www-form-urlencoded";
                string postData = "login=" + labelName.Text + "&register=0&password=" + writableField1.GetText() + "&remember=1&cookie_check=0&redirect=%2F&_xfToken=";
                byte[] dataBytes = UTF8Encoding.UTF8.GetBytes(postData);
                http.ContentLength = dataBytes.Length;

                using (Stream postStream = http.GetRequestStream())
                {
                    postStream.Write(dataBytes, 0, dataBytes.Length);
                }

                HttpWebResponse httpResponse = http.GetResponse() as HttpWebResponse;
                http = WebRequest.Create("http://reperio-studios.net/") as HttpWebRequest;
                http.CookieContainer = new CookieContainer();
                http.CookieContainer.Add(httpResponse.Cookies);
                http.AllowAutoRedirect = false;
                HttpWebResponse httpResponse2 = http.GetResponse() as HttpWebResponse;
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message, "Catch Debug");
            }

 

[Jeff Berry]

note: It doesn't work with POST through the web-browser either.

What do you mean by this? It certainly works by post through the web browser, as that is how you are able to login to XF.

I don't think the xfToken is optional. That could be part of your problem, though I don't believe that would cause a 503 error.

 

[Johan Ehrendahl]

With or without the xfToken, it doesn't' work on the C# code (still gives 503 error). And trough the web-broswer, I mean via POST (which is the URL it creates to login), not clicking on the actual login button.
An example of what I'm talking about:

http://reperio-studios.net/index.php?login/login/login=MY_USER&register=1

 

[JackBauer]

I think your problem is you are not POSTing anything.

http://reperio-studios.net/index.php?login/login/login=MY_USER&register=1

That is an HttpGet request (the form data is in the query string). To do an HttpPost, just submit a form with the fields to the login URL:

<form action="index.php?login/login">
<input type="text" name="login" />
<input type="password" name="password" />
<button>Submit</button>
</form>

The xfToken field is not required. If you want to redirect after authentication, include a field named redirect.

 

[Jeff Berry]

The xfToken field is not required. If you want to redirect after authentication, include a field named redirect

This is incorrect. Please see XF's documentation and source code. All POST requests require a token. However, for guests (which is what he will be until he logs in) the token is not validated.

Also, he is trying to login using a custom C# application, so I don't think a redirect is relevant. His will be more of a JSON response.

/**
* Checks a request for CSRF issues. This is only checked for POST requests
* (with session info) that aren't Ajax requests (relies on browser-level * cross-domain policies).
*
* The token is retrieved from the "_xfToken" request param.
*
* @param string $action
*/
protected function _checkCsrf($action)
{
    if (isset(self::$_executed['csrf']))
    {
        return;
    }
    self::$_executed['csrf'] = true;

    if (!XenForo_Application::isRegistered('session'))
    {
        return;
    }

    if ($this->_request->isPost() || substr($this->getResponseType(), 0, 2) == 'js')
    {
        // post and all json requests require a token
        $this->_checkCsrfFromToken($this->_request->getParam('_xfToken'));
    }
}

And trough the web-broswer, I mean via POST (which is the URL it creates to login), not clicking on the actual login button.
An example of what I'm talking about:

The example you've sent just links me to your homepage, I'm not sure what you're trying to show there.

There are only four places in XF's source code that throw a 503 error.

1) If an upgrade is currently pending (the files you've uploaded don't match the version stored in the database, this is most likely not the case)
2) If your board is not active (which it obviously is, because I'm able to see it)
3) If news feeds are disabled and you try to view a user's news feed
4) Similarly, if trying to view recent activity and news feeds are disabled

You're positive it was a 503 error? From the login process I can see the potential for a 405 error if your request is not a POST. Cookies are also required. Is your C# application properly creating and storing a cookie before it makes the request?