Board index » delphi » HttpSendRequest for secure login

HttpSendRequest for secure login

I'm trying to automate a login to a secure site (which I normally access
manually with a username/password) using the functions in wininet.dll.

I can establish a secure HTTP connection using InternetOpen, InternetConnect
and HttpOpenRequest with the INTERNET_DEFAULT_HTTPS_PORT and
INTERNET_FLAG_SECURE flags in the right place.

The trouble comes when I call

HttpSendRequest (hReq, NIL, 0, PChar(strPostHeader), Length(strPostHeader));

where strPostHeader is a string in the format
'username=xxxxxxx&password=yyyyyyy'.

Subsequent calls to HttpQueryInfo(QUERY_RAW_HEADERS) and InternetReadFile
yield 'bad request' messages (which I've included at the end).  So, where am
I going wrong?  I don't know enough about Javascript to be confident about
the format of the data I'm posting.  Is the format for username and password
as above correct?  Is there a way to find out exactly what format the server
is expecting or is it just trial and error?

One anomaly is that it seems I have to specify the servername as
'www.xxxxxx.com'  for InternetConnect.  Using the format
'https://www.xxxxxxx.com' produces no connection whatsoever!  Also, I've
studied the Javascript in the source html of the webpage I use for manual
login and decided that the ObjectName for HttpOpenRequest should be
'/pkmslogin.form'  Am I getting this much right?  Any help gratefully
received as I'm pulling my hair out going round in circles with this.
Apologies for the length of post.

Thanks,

Rich Bouchard

Here follows the Html source for the manual login page and the 'bad request'
messages from the header and InternetReadFile buffers...

****************************************************************************
*****************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0040)https://www.xxxxx.com/yyyyyy/zzzzzz/ -->
<HTML><HEAD><TITLE>Authentication</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META http-equiv=refresh content="120;
URL=/pkmslogout?filename=timeout.html">
<SCRIPT language=JavaScript>
<!--
// validate form contents before submitting
function checkForm()
{
 if (document.login.username.value=="")
 {
  alert("UserID field is empty");
  return false;
 }
 if
((!document.login.username.value=="")&&(document.login.password.value=="")&&
(document.login.passcode.value==""))
 {
  alert("Please enter either a Password or SecurID");
  return false;
 }
 else
 {
  // password and username only
  if((!document.login.password.value=="") &&
(document.login.passcode.value==""))
  {
   document.login.tokenuser.value="";
  }

  // Securid and passcode only
  if((document.login.password.value=="") &&
(!document.login.passcode.value==""))
  {
   document.login.tokenuser.value=document.login.username.value;
   document.login.username.value="";
  }

  // pass all fields
  if((!document.login.password.value=="") &&
(!document.login.passcode.value==""))
  {
   document.login.tokenuser.value=document.login.username.value;
  }
  return true;
 }

Quote
}

// is browser/OS supported
function validateSystem()
{
 // is browser Java enabled?
 if (!navigator.javaEnabled())
  alert("Your browser is not Java Enabled - this may prevent the
authentication procedure from being successfully completed  ");

 // which browser version?
 var browser=navigator.appName;
 var version=parseInt(navigator.appVersion);

 osName=navigator.userAgent;
 var flag=osName.search("Win");

 document.login.username.focus();
 return;

Quote
}

-->
</SCRIPT>

<META content="MSHTML 5.50.4807.2300" name=GENERATOR></HEAD>
<BODY vLink=#999999 aLink=#999999 link=#999999 bgColor=white
onload=validateSystem()>
<FORM name=login onsubmit="Javascript:var result = checkForm(); return
result"
action=/pkmslogin.form method=post AUTOCOMPLETE="off"><INPUT type=hidden
size=15
name=tokenuser>
<TABLE height="10%" cellSpacing=0 cellPadding=0 width="100%" border=0>
  <TBODY>
  <TR vAlign=bottom>
    <TD width="80%"><FONT face="Verdana, Arial, Helvetica, sans-serif"
      color=#000099 size=4>WebSAFE Login</FONT></TD>
    <TD width=*><IMG height=30 src="/logo.gif" width=150
    align=right></TD></TR>
  <TR>
    <TD bgColor=#000099 colSpan=2 height=5><FONT
      face="Verdana, Arial, Helvetica, sans-serif"
  color=#000099></FONT></TD></TR></TBODY></TABLE>
<TABLE height="77%" cellSpacing=0 cellPadding=0 width="100%" border=0>
  <TBODY>
  <TR vAlign=center>
    <TD>
      <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
        <TBODY>
        <TR vAlign=center>
          <TD width=24>&nbsp;</TD>
          <TD width=120><FONT face="Verdana, Arial, Helvetica, sans-serif"
            color=#000099 size=2><STRONG>User ID</STRONG></FONT></TD>
          <TD width=24>&nbsp;</TD>
          <TD><INPUT tabIndex=10 size=15 name=username></TD></TR>
        <TR>
          <TD width=24>&nbsp;</TD>
          <TD width=120><FONT face="Verdana, Arial, Helvetica, sans-serif"
            color=#000099 size=2><STRONG>Password*</STRONG></FONT></TD>
          <TD width=24>&nbsp;</TD>
          <TD align=left><INPUT tabIndex=30 type=password size=15
            name=password></TD>
          <TD width=160><FONT face="Verdana, Arial, Helvetica, sans-serif"
            color=#000099 size=2><STRONG>Or PIN+SecurID</STRONG></FONT></TD>
          <TD width=24>&nbsp;</TD>
          <TD width="40%"><INPUT tabIndex=45 type=password size=15
            name=passcode></TD></TR>
        <TR>
          <TD>&nbsp;</TD></TR>
        <TR>
          <TD>&nbsp;</TD></TR>
        <TR>
          <TD width=24>&nbsp;</TD>
          <TD width=120>&nbsp;</TD>
          <TD width=24>&nbsp;</TD>
          <TD width=150><INPUT tabIndex=40 type=submit value=Login
name=Submit></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
<TABLE height="12%" cellSpacing=0 cellPadding=0 width="100%" border=0>
  <TBODY>
  <TR>
    <TD colSpan=3><FONT face=Verdana,Arial,Helvetica,sans-serif color=black
      size=2></FONT></TD></TR>
  <TR>
    <TD vAlign=center align=middle colSpan=3><FONT
      face="Verdana, Arial, Helvetica, sans-serif" color=#000099
size=1><B>Only
      Authorised Use of this System is Permitted. </B></FONT><FONT
      face="Verdana, Arial, Helvetica, sans-serif" color=#000066
size=1>&nbsp;
      <A tabIndex=60 href="/authinfo.html">more
      information</A> </FONT></TD></TR>
  <TR>
    <TD vAlign=center align=left width="20%"><A tabIndex=70
      href="/help_troubleshooting.html"><FONT
      face="Verdana, Arial, Helvetica, sans-serif" size=1>Help</A>
&nbsp;</FONT></TD>
    <TD align=right width="20%"><FONT
      face="Verdana, Arial, Helvetica, sans-serif" color=#000099
      size=1>&nbsp;<B> rsl55
&nbsp;<B>LOG01</B></B></FONT></TD></TR></TBODY></TABLE></FORM></BODY></HTML>

****************************************************************************
*******************************
HttpQueryInfo:

HTTP/1.1 400 Bad Request
Message-ID: 05647b50-7802-11d6-8ba1-0004acdebf46
Server: WebSEAL/3.7.1 (Build 31, IBMDCE, SSL GSK retail)
Connection: close
content-type: text/html

****************************************************************************
*******************************

InternetReadFile:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<!-- Copyright (C) 2000 Tivoli Systems, Inc. -->
<!-- Copyright (C) 1999 IBM Corporation -->
<!-- Copyright (C) 1998 Dascom, Inc. -->
<!-- All Rights Reserved. -->
<!--
     This is a WebSEAL error message template file.  It is used
     by the WebSEAL server to build a response when a particular
     error occurs.  This file can be modified as appropriate.

     Error details:

     * Code: 0x1898d424
     * Text: Bad Request (dce / wan)

-->
<html>
<head>
<meta http-equiv="Content-Type" content=
"text/html; charset=iso-8859-1"><!-- Enter message title -->
<title>Bad Request</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0">
<tr>
<td><a href="http://www.software.ibm.com/security/policy/"><img
src="/pics/ivlogo.gif"
width="117" height="75" align="left" border="0" alt=
"Policy Director Home"></a> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td valign="bottom"><font color="#FF0000">
<!-- Enter message title --></font>
<h1><font color="#FF0000">Bad Request</font></h1>
</td>
</tr>
</table>

<p><!-- Enter error description --> The Policy Director WebSEAL server
received an invalid HTTP request.

<BR><BR><BR>

<!-- Provide background explanation -->
<H4>Explanation</H4>
<P>Possible causes for this message include:
<UL>
<LI>Incapatibility between the browser and the server.
<LI>A problem with the browser.
</UL>
<br>
<br>
<br>
<a href="/">[HOME BUTTON]</a></p>
</body>
</html>

 

Re:HttpSendRequest for secure login


Rich,

Quote
Rich Bouchard wrote:
> I'm trying to automate a login to a secure site (which I normally access
> manually with a username/password) using the functions in wininet.dll.

  There are a few different things that 'login to a secure site' can mean. If
your browser pops up a dialog box asking for a username/password then it is most
likly using http authentication which you would control with InternetConnect().

If you are talking about a site more like eBay or community.borland.com where
you type in your credentials in regular html inputs then you will have to
emulate a form POST or GET.

Quote

> I can establish a secure HTTP connection using InternetOpen, InternetConnect
> and HttpOpenRequest with the INTERNET_DEFAULT_HTTPS_PORT and
> INTERNET_FLAG_SECURE flags in the right place.

> The trouble comes when I call

> HttpSendRequest (hReq, NIL, 0, PChar(strPostHeader), Length(strPostHeader));

> where strPostHeader is a string in the format
> 'username=xxxxxxx&password=yyyyyyy'.

You need to ensure that this is the correct format for the login script. Find
the <form> tag in the html
eg:

<form action="/pkmslogin.form" method="POST">
username:<input type="text" name="username"><br>
passwd:<input type="password" name="password"><br>
<input type=hidden name=tokenuser>
<input type="submit" value="login">
</form>

You want
'username=mkelly&password=imstinky' in as the lpOptional parameter to
HttpSendRequest

It looks like the JavaScript sets tokenuser=username when you specify a passcode
too. If so it would look like:
'username=mkelly&password=imstinky&tokenuser=mkelly&passcode=imstinky'

In the example below this would be the variable frmdata:

// Please note the following code was ganked from msdn Q165298
   static TCHAR hdrs[] =
      _T("Content-Type: application/x-www-form-urlencoded");
   static TCHAR frmdata[] =
      _T("name=John+Doe&userid=hithere&other=P%26Q");
   statuc TCHAR accept[] =
      _T("Accept: */*");

   // for clarity, error-checking has been removed
   HINTERNET hSession = InternetOpen("MyAgent",
      INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
   HINTERNET hConnect = InternetConnect(hSession, _T("ServerNameHere"),
      INTERNET_DEFAULT_HTTP_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 1);
   HINTERNET hRequest = HttpOpenRequest(hConnect, "POST",
      _T("FormActionHere"), NULL, NULL, accept, 0, 1);
   HttpSendRequest(hRequest, hdrs, strlen(hdrs), frmdata, strlen(frmdata));
   // close any valid internet-handles

Quote

> Subsequent calls to HttpQueryInfo(QUERY_RAW_HEADERS) and InternetReadFile
> yield 'bad request' messages (which I've included at the end).  So, where am
> I going wrong?  I don't know enough about Javascript to be confident about
> the format of the data I'm posting.  Is the format for username and password
> as above correct?  Is there a way to find out exactly what format the server
> is expecting or is it just trial and error?

The format to send the data is specified in the form variables (the names of the
<input> tags).

Quote

> One anomaly is that it seems I have to specify the servername as
> 'www.xxxxxx.com'  for InternetConnect.  Using the format
> 'https://www.xxxxxxx.com' produces no connection whatsoever!  Also, I've

The host parameter of InternetConnect must be just a host name. Look at
InternetCrackUrl() for help parsing urls.

Quote

> studied the Javascript in the source html of the webpage I use for manual
> login and decided that the ObjectName for HttpOpenRequest should be
> '/pkmslogin.form'  Am I getting this much right?  Any help gratefully
> received as I'm pulling my hair out going round in circles with this.
> Apologies for the length of post.

The ObjectName will always be what the ever the ACTION attribute of the form is.
In this case "/pkmslogin.form"
Quote

> Thanks,

> Rich Bouchard

> Here follows the Html source for the manual login page and the 'bad request'
> messages from the header and InternetReadFile buffers...

> ****************************************************************************
> *****************************
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <!-- saved from url=(0040)https://www.xxxxx.com/yyyyyy/zzzzzz/ -->
> <HTML><HEAD><TITLE>Authentication</TITLE>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META http-equiv=refresh content="120;
> URL=/pkmslogout?filename=timeout.html">
> <SCRIPT language=JavaScript>
> <!--
> // validate form contents before submitting
> function checkForm()
> {
>  if (document.login.username.value=="")
>  {
>   alert("UserID field is empty");
>   return false;
>  }
>  if
> ((!document.login.username.value=="")&&(document.login.password.value=="")&&
> (document.login.passcode.value==""))
>  {
>   alert("Please enter either a Password or SecurID");
>   return false;
>  }
>  else
>  {
>   // password and username only
>   if((!document.login.password.value=="") &&
> (document.login.passcode.value==""))
>   {
>    document.login.tokenuser.value="";
>   }

>   // Securid and passcode only
>   if((document.login.password.value=="") &&
> (!document.login.passcode.value==""))
>   {
>    document.login.tokenuser.value=document.login.username.value;
>    document.login.username.value="";
>   }

>   // pass all fields
>   if((!document.login.password.value=="") &&
> (!document.login.passcode.value==""))
>   {
>    document.login.tokenuser.value=document.login.username.value;
>   }
>   return true;
>  }
> }

> // is browser/OS supported
> function validateSystem()
> {
>  // is browser Java enabled?
>  if (!navigator.javaEnabled())
>   alert("Your browser is not Java Enabled - this may prevent the
> authentication procedure from being successfully completed  ");

>  // which browser version?
>  var browser=navigator.appName;
>  var version=parseInt(navigator.appVersion);

>  osName=navigator.userAgent;
>  var flag=osName.search("Win");

>  document.login.username.focus();
>  return;
> }
> -->
> </SCRIPT>

> <META content="MSHTML 5.50.4807.2300" name=GENERATOR></HEAD>
> <BODY vLink=#999999 aLink=#999999 link=#999999 bgColor=white
> onload=validateSystem()>
> <FORM name=login onsubmit="Javascript:var result = checkForm(); return
> result"
> action=/pkmslogin.form method=post AUTOCOMPLETE="off"><INPUT type=hidden
> size=15
> name=tokenuser>
> <TABLE height="10%" cellSpacing=0 cellPadding=0 width="100%" border=0>
>   <TBODY>
>   <TR vAlign=bottom>
>     <TD width="80%"><FONT face="Verdana, Arial, Helvetica, sans-serif"
>       color=#000099 size=4>WebSAFE Login</FONT></TD>
>     <TD width=*><IMG height=30 src="/logo.gif" width=150
>     align=right></TD></TR>
>   <TR>
>     <TD bgColor=#000099 colSpan=2 height=5><FONT
>       face="Verdana, Arial, Helvetica, sans-serif"
>   color=#000099></FONT></TD></TR></TBODY></TABLE>
> <TABLE height="77%" cellSpacing=0 cellPadding=0 width="100%" border=0>
>   <TBODY>
>   <TR vAlign=center>
>     <TD>
>       <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
>         <TBODY>
>         <TR vAlign=center>
>           <TD width=24>&nbsp;</TD>
>           <TD width=120><FONT face="Verdana, Arial, Helvetica, sans-serif"
>             color=#000099 size=2><STRONG>User ID</STRONG></FONT></TD>
>           <TD width=24>&nbsp;</TD>
>           <TD><INPUT tabIndex=10 size=15 name=username></TD></TR>
>         <TR>
>           <TD width=24>&nbsp;</TD>
>           <TD width=120><FONT face="Verdana, Arial, Helvetica, sans-serif"
>             color=#000099 size=2><STRONG>Password*</STRONG></FONT></TD>
>           <TD width=24>&nbsp;</TD>
>           <TD align=left><INPUT tabIndex=30 type=password size=15
>             name=password></TD>
>           <TD width=160><FONT face="Verdana, Arial, Helvetica, sans-serif"
>             color=#000099 size=2><STRONG>Or PIN+SecurID</STRONG></FONT></TD>
>           <TD width=24>&nbsp;</TD>
>           <TD width="40%"><INPUT tabIndex=45 type=password size=15
>             name=passcode></TD></TR>
>         <TR>
>           <TD>&nbsp;</TD></TR>
>         <TR>
>           <TD>&nbsp;</TD></TR>
>         <TR>
>           <TD width=24>&nbsp;</TD>
>           <TD width=120>&nbsp;</TD>
>           <TD width=24>&nbsp;</TD>
>           <TD width=150><INPUT tabIndex=40 type=submit value=Login
> name=Submit></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
> <TABLE height="12%" cellSpacing=0 cellPadding=0 width="100%" border=0>
>   <TBODY>
>   <TR>
>     <TD colSpan=3><FONT face=Verdana,Arial,Helvetica,sans-serif color=black
>       size=2></FONT></TD></TR>
>   <TR>
>     <TD vAlign=center align=middle colSpan=3><FONT
>       face="Verdana, Arial, Helvetica, sans-serif" color=#000099
> size=1><B>Only
>       Authorised Use of this System is Permitted. </B></FONT><FONT
>       face="Verdana, Arial, Helvetica, sans-serif" color=#000066
> size=1>&nbsp;
>       <A tabIndex=60 href="/authinfo.html">more
>       information</A> </FONT></TD></TR>
>   <TR>
>     <TD vAlign=center align=left width="20%"><A tabIndex=70
>       href="/help_troubleshooting.html"><FONT
>       face="Verdana, Arial, Helvetica, sans-serif" size=1>Help</A>
> &nbsp;</FONT></TD>
>     <TD align=right width="20%"><FONT
>       face="Verdana, Arial, Helvetica, sans-serif" color=#000099
>       size=1>&nbsp;<B> rsl55
> &nbsp;<B>LOG01</B></B></FONT></TD></TR></TBODY></TABLE></FORM></BODY></HTML>

> ****************************************************************************
> *******************************
> HttpQueryInfo:

> HTTP/1.1 400 Bad Request
> Message-ID: 05647b50-7802-11d6-8ba1-0004acdebf46
> Server: WebSEAL/3.7.1 (Build 31, IBMDCE, SSL GSK retail)
> Connection: close
> content-type: text/html

> ****************************************************************************
> *******************************

> InternetReadFile:

> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
> <!-- Copyright (C) 2000 Tivoli Systems, Inc. -->
> <!-- Copyright (C) 1999 IBM Corporation -->
> <!-- Copyright (C) 1998 Dascom, Inc.

...

read more »

Re:HttpSendRequest for secure login


Gardner,

Thanks a million for your detailed and informative reply.  I've managed to
automate the login as a result and all is working nicely.  Of course, it's
thrown up some more questions, but I'll save those for another time...

Best regards,

Rich Bouchard.

"Gardner Lloyd Bickford III" <Gard...@TriAxialData.com> wrote in message
news:3CFD57DE.4F8BCC83@TriAxialData.com...

Quote
> Rich,

> Rich Bouchard wrote:

> > I'm trying to automate a login to a secure site (which I normally access
> > manually with a username/password) using the functions in wininet.dll.

>   There are a few different things that 'login to a secure site' can mean.
If
> your browser pops up a dialog box asking for a username/password then it
is most
> likly using http authentication which you would control with
InternetConnect().

> If you are talking about a site more like eBay or community.borland.com
where
> you type in your credentials in regular html inputs then you will have to
> emulate a form POST or GET.

> > I can establish a secure HTTP connection using InternetOpen,
InternetConnect
> > and HttpOpenRequest with the INTERNET_DEFAULT_HTTPS_PORT and
> > INTERNET_FLAG_SECURE flags in the right place.

> > The trouble comes when I call

> > HttpSendRequest (hReq, NIL, 0, PChar(strPostHeader),

Length(strPostHeader));

- Show quoted text -

Quote

> > where strPostHeader is a string in the format
> > 'username=xxxxxxx&password=yyyyyyy'.

> You need to ensure that this is the correct format for the login script.
Find
> the <form> tag in the html
> eg:

> <form action="/pkmslogin.form" method="POST">
> username:<input type="text" name="username"><br>
> passwd:<input type="password" name="password"><br>
> <input type=hidden name=tokenuser>
> <input type="submit" value="login">
> </form>

> You want
> 'username=mkelly&password=imstinky' in as the lpOptional parameter to
> HttpSendRequest

> It looks like the JavaScript sets tokenuser=username when you specify a
passcode
> too. If so it would look like:
> 'username=mkelly&password=imstinky&tokenuser=mkelly&passcode=imstinky'

> In the example below this would be the variable frmdata:

> // Please note the following code was ganked from msdn Q165298
>    static TCHAR hdrs[] =
>       _T("Content-Type: application/x-www-form-urlencoded");
>    static TCHAR frmdata[] =
>       _T("name=John+Doe&userid=hithere&other=P%26Q");
>    statuc TCHAR accept[] =
>       _T("Accept: */*");

>    // for clarity, error-checking has been removed
>    HINTERNET hSession = InternetOpen("MyAgent",
>       INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
>    HINTERNET hConnect = InternetConnect(hSession, _T("ServerNameHere"),
>       INTERNET_DEFAULT_HTTP_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0,
1);
>    HINTERNET hRequest = HttpOpenRequest(hConnect, "POST",
>       _T("FormActionHere"), NULL, NULL, accept, 0, 1);
>    HttpSendRequest(hRequest, hdrs, strlen(hdrs), frmdata,
strlen(frmdata));
>    // close any valid internet-handles

> > Subsequent calls to HttpQueryInfo(QUERY_RAW_HEADERS) and
InternetReadFile
> > yield 'bad request' messages (which I've included at the end).  So,
where am
> > I going wrong?  I don't know enough about Javascript to be confident
about
> > the format of the data I'm posting.  Is the format for username and
password
> > as above correct?  Is there a way to find out exactly what format the
server
> > is expecting or is it just trial and error?

> The format to send the data is specified in the form variables (the names
of the
> <input> tags).

> > One anomaly is that it seems I have to specify the servername as
> > 'www.xxxxxx.com'  for InternetConnect.  Using the format
> > 'https://www.xxxxxxx.com' produces no connection whatsoever!  Also, I've

> The host parameter of InternetConnect must be just a host name. Look at
> InternetCrackUrl() for help parsing urls.

> > studied the Javascript in the source html of the webpage I use for
manual
> > login and decided that the ObjectName for HttpOpenRequest should be
> > '/pkmslogin.form'  Am I getting this much right?  Any help gratefully
> > received as I'm pulling my hair out going round in circles with this.
> > Apologies for the length of post.

> The ObjectName will always be what the ever the ACTION attribute of the
form is.
> In this case "/pkmslogin.form"

> > Thanks,

> > Rich Bouchard

> > Here follows the Html source for the manual login page and the 'bad
request'
> > messages from the header and InternetReadFile buffers...

****************************************************************************

- Show quoted text -

Quote
> > *****************************
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> > <!-- saved from url=(0040)https://www.xxxxx.com/yyyyyy/zzzzzz/ -->
> > <HTML><HEAD><TITLE>Authentication</TITLE>
> > <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> > <META http-equiv=refresh content="120;
> > URL=/pkmslogout?filename=timeout.html">
> > <SCRIPT language=JavaScript>
> > <!--
> > // validate form contents before submitting
> > function checkForm()
> > {
> >  if (document.login.username.value=="")
> >  {
> >   alert("UserID field is empty");
> >   return false;
> >  }
> >  if

((!document.login.username.value=="")&&(document.login.password.value=="")&&

- Show quoted text -

Quote
> > (document.login.passcode.value==""))
> >  {
> >   alert("Please enter either a Password or SecurID");
> >   return false;
> >  }
> >  else
> >  {
> >   // password and username only
> >   if((!document.login.password.value=="") &&
> > (document.login.passcode.value==""))
> >   {
> >    document.login.tokenuser.value="";
> >   }

> >   // Securid and passcode only
> >   if((document.login.password.value=="") &&
> > (!document.login.passcode.value==""))
> >   {
> >    document.login.tokenuser.value=document.login.username.value;
> >    document.login.username.value="";
> >   }

> >   // pass all fields
> >   if((!document.login.password.value=="") &&
> > (!document.login.passcode.value==""))
> >   {
> >    document.login.tokenuser.value=document.login.username.value;
> >   }
> >   return true;
> >  }
> > }

> > // is browser/OS supported
> > function validateSystem()
> > {
> >  // is browser Java enabled?
> >  if (!navigator.javaEnabled())
> >   alert("Your browser is not Java Enabled - this may prevent the
> > authentication procedure from being successfully completed  ");

> >  // which browser version?
> >  var browser=navigator.appName;
> >  var version=parseInt(navigator.appVersion);

> >  osName=navigator.userAgent;
> >  var flag=osName.search("Win");

> >  document.login.username.focus();
> >  return;
> > }
> > -->
> > </SCRIPT>

> > <META content="MSHTML 5.50.4807.2300" name=GENERATOR></HEAD>
> > <BODY vLink=#999999 aLink=#999999 link=#999999 bgColor=white
> > onload=validateSystem()>
> > <FORM name=login onsubmit="Javascript:var result = checkForm(); return
> > result"
> > action=/pkmslogin.form method=post AUTOCOMPLETE="off"><INPUT type=hidden
> > size=15
> > name=tokenuser>
> > <TABLE height="10%" cellSpacing=0 cellPadding=0 width="100%" border=0>
> >   <TBODY>
> >   <TR vAlign=bottom>
> >     <TD width="80%"><FONT face="Verdana, Arial, Helvetica, sans-serif"
> >       color=#000099 size=4>WebSAFE Login</FONT></TD>
> >     <TD width=*><IMG height=30 src="/logo.gif" width=150
> >     align=right></TD></TR>
> >   <TR>
> >     <TD bgColor=#000099 colSpan=2 height=5><FONT
> >       face="Verdana, Arial, Helvetica, sans-serif"
> >   color=#000099></FONT></TD></TR></TBODY></TABLE>
> > <TABLE height="77%" cellSpacing=0 cellPadding=0 width="100%" border=0>
> >   <TBODY>
> >   <TR vAlign=center>
> >     <TD>
> >       <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
> >         <TBODY>
> >         <TR vAlign=center>
> >           <TD width=24>&nbsp;</TD>
> >           <TD width=120><FONT face="Verdana, Arial, Helvetica,
sans-serif"
> >             color=#000099 size=2><STRONG>User ID</STRONG></FONT></TD>
> >           <TD width=24>&nbsp;</TD>
> >           <TD><INPUT tabIndex=10 size=15 name=username></TD></TR>
> >         <TR>
> >           <TD width=24>&nbsp;</TD>
> >           <TD width=120><FONT face="Verdana, Arial, Helvetica,
sans-serif"
> >             color=#000099 size=2><STRONG>Password*</STRONG></FONT></TD>
> >           <TD width=24>&nbsp;</TD>
> >           <TD align=left><INPUT tabIndex=30 type=password size=15
> >             name=password></TD>
> >           <TD width=160><FONT face="Verdana, Arial, Helvetica,
sans-serif"
> >             color=#000099 size=2><STRONG>Or

PIN+SecurID</STRONG></FONT></TD>

- Show quoted text -

Quote
> >           <TD width=24>&nbsp;</TD>
> >           <TD width="40%"><INPUT tabIndex=45 type=password size=15
> >             name=passcode></TD></TR>
> >         <TR>
> >           <TD>&nbsp;</TD></TR>
> >         <TR>
> >           <TD>&nbsp;</TD></TR>
> >         <TR>
> >           <TD width=24>&nbsp;</TD>
> >           <TD width=120>&nbsp;</TD>
> >           <TD width=24>&nbsp;</TD>
> >           <TD width=150><INPUT tabIndex=40 type=submit value=Login
> > name=Submit></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
> > <TABLE height="12%" cellSpacing=0 cellPadding=0 width="100%" border=0>
> >   <TBODY>
> >   <TR>
> >     <TD colSpan=3><FONT face=Verdana,Arial,Helvetica,sans-serif
color=black
> >       size=2></FONT></TD></TR>
> >   <TR>
> >     <TD vAlign=center align=middle colSpan=3><FONT
> >       face="Verdana, Arial, Helvetica, sans-serif" color=#000099
> > size=1><B>Only
> >       Authorised Use of this System is Permitted. </B></FONT><FONT
> >       face="Verdana, Arial, Helvetica, sans-serif" color=#000066
> > size=1>&nbsp;
> >       <A tabIndex=60 href="/authinfo.html">more
> >       information</A> </FONT></TD></TR>
> >   <TR>
> >     <TD vAlign=center align=left width="20%"><A tabIndex=70
> >       href="/help_troubleshooting.html"><FONT
> >       face="Verdana, Arial, Helvetica, sans-serif" size=1>Help</A>

...

read more »

Re:HttpSendRequest for secure login


In article <3CFD57DE.4F8BC...@TriAxialData.com> in newsgroup
borland.public.delphi.internet.winsock on Tue, 04 Jun 2002 17:14:22 -
0700, Gardner Lloyd Bickford III(Gard...@TriAxialData.com) said...

Quote
> Rich,

> Rich Bouchard wrote:

> > I'm trying to automate a login to a secure site (which I normally access
> > manually with a username/password) using the functions in wininet.dll.

>   There are a few different things that 'login to a secure site' can mean. If
> your browser pops up a dialog box asking for a username/password then it is most
> likly using http authentication which you would control with InternetConnect().

This is done by the server sending a WWW-Authenticate header to the
browser and the browser pops up the dialog box, gets the information and
sends it back to the server. The server then decides whether to let you
in or deny.

Quote
> If you are talking about a site more like eBay or community.borland.com where
> you type in your credentials in regular html inputs then you will have to
> emulate a form POST or GET.

Typically these sites use a session cookie to store some information on
your computer after you have logged in. How does your application handle
cookies?

--
=========================================================================
Patrick Dunford, Christchurch, NZ - http://pdunford.godzone.net.nz/

   I pray that you, being rooted and established in love, may have
power, together with all the saints, to grasp how wide and high and
deep is the love of Christ, and to know this love that surpasses
knowledge -- that you may be filled to the measure of all the
fullness of God.
    -- Ephesians 3:17-19
       http://www.SearchGodsWord.org/desk/?query=Ephesians+3:17-19

Re:HttpSendRequest for secure login


Patrick,

Thanks for the reply.  I'm happy to say, based on the guidance Gardner gave
me, I've managed to automate the login now.

Managed to do it without touching cookies, too!  No doubt I'll run into
another wall soon and I'll be back for more help...

Regards,

Rich Bouchard.

Quote
"Patrick Dunford" <to.c...@ct.me.see.signature> wrote in message

news:MPG.176a25cfac33d5ed9899dd@news.paradise.net.nz...
Quote
> In article <3CFD57DE.4F8BC...@TriAxialData.com> in newsgroup
> borland.public.delphi.internet.winsock on Tue, 04 Jun 2002 17:14:22 -
> 0700, Gardner Lloyd Bickford III(Gard...@TriAxialData.com) said...
> > Rich,

> > Rich Bouchard wrote:

> > > I'm trying to automate a login to a secure site (which I normally
access
> > > manually with a username/password) using the functions in wininet.dll.

> >   There are a few different things that 'login to a secure site' can
mean. If
> > your browser pops up a dialog box asking for a username/password then it
is most
> > likly using http authentication which you would control with
InternetConnect().

> This is done by the server sending a WWW-Authenticate header to the
> browser and the browser pops up the dialog box, gets the information and
> sends it back to the server. The server then decides whether to let you
> in or deny.

> > If you are talking about a site more like eBay or community.borland.com
where
> > you type in your credentials in regular html inputs then you will have
to
> > emulate a form POST or GET.

> Typically these sites use a session cookie to store some information on
> your computer after you have logged in. How does your application handle
> cookies?

> --
> =========================================================================
> Patrick Dunford, Christchurch, NZ - http://pdunford.godzone.net.nz/

>    I pray that you, being rooted and established in love, may have
> power, together with all the saints, to grasp how wide and high and
> deep is the love of Christ, and to know this love that surpasses
> knowledge -- that you may be filled to the measure of all the
> fullness of God.
>     -- Ephesians 3:17-19
>        http://www.SearchGodsWord.org/desk/?query=Ephesians+3:17-19

Other Threads