Gift Sourcecode: How to access SL web pages through C#

All right. With the help of several people getting my HTML knowledge about POST and cookies down pat, I can now offer this small bit of sourcecode to those who want it:


This first bit of code is "LoginCookie". You pass it the firstname, lastname, and password. It then returns a cookie that can be used later to prove who you are and that you are logged in.

        private static CookieContainer LoginCookie(string username, string lastname, string password)
        {
            string loginUri = "https://secondlife.com/account/login.php";
            string loginData = "form%5Btype%5D=second-life-member&form%5Bnextpage%5D=%2Fcurrency%2Fsell.php&form%5Bpersistent%5D=Y&form%5Busername%5D=" + username + "&form%5Blastname%5D=" + lastname + "&form%5Bpassword%5D=" + password + "&submit.x=13&submit.y=20";

            // cookieContainer is used to store the cookies used by the login
            CookieContainer cookieContainer = new CookieContainer();

            // First hit the login page
            HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(loginUri);
            req.CookieContainer = cookieContainer;
            req.Method = "POST";
            req.ContentType = "application/x-www-form-urlencoded";
            ASCIIEncoding encoding = new ASCIIEncoding();
            byte[] loginDataBytes = encoding.GetBytes(loginData);
            req.ContentLength = loginDataBytes.Length;
            Stream stream = req.GetRequestStream();
            stream.Write(loginDataBytes, 0, loginDataBytes.Length);
            stream.Close();
            HttpWebResponse res = (HttpWebResponse)req.GetResponse();
            return cookieContainer;
        }

Now, this second small bit of code allows you to use the cookie from the above to pull a webpage that only allows you to do so when logged in.

        private static string GetPage(string requestUri, CookieContainer cookieContainer)
        {
            // Then grab the content of the desired page
            HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(requestUri);
            req.CookieContainer = cookieContainer;
            req.Method = "GET";
            HttpWebResponse res = (HttpWebResponse)req.GetResponse();
            StreamReader sr = new StreamReader(res.GetResponseStream());
            return sr.ReadToEnd();
        }

How are they used? Like this:

        private void button1_Click(object sender, EventArgs e)
        {
            CookieContainer logincookie = LoginCookie(tbox_username.Text, tbox_lastname.Text, tbox_password.Text);
            string strResult = GetPage("http://forums.secondlife.com/showthread.php?t=114608", logincookie);
            
            textBox2.Text = strResult;
        }

First, you use 'LoginCookie' to login to the site and get the cookie for future use. This code only needs to be run once per session.

Next, it uses GetPage and the logincookie variable to get a web page secured behind SL's login. The last line just puts it into a textbox on the form in Microsoft Visual C#.

Hope this is useful to those who are programming, and can be used to make gadgets and whatzits that can tie into SL!

Oh, and for the record, this is NOT a hacking script. You have to have a login and password to use this, which means you could already get into SL. It's nothing more than a VERY no-frills web browser.

Enjoy!

(Thanks to Iron Perth and Alan Palmerstone for their help and information...)

Thank you for posting that, Foolish. I made myself nearly crazy a few months back trying to help Josie Hamilton figure out that exact barrier, to no avail. I am a C# developer myself (Snapzilla is all ASP.NET/C#), so this is really exciting - it opens up some new possibilities for me

Speaking of which, I need to talk to you about my play-project of the moment. IM me when you get a chance and we can trade E-mail addys.

Foolish,

Thanks so much for posting that. This will really help a lot with automatically downloading my sales transaction history. Based on your questions about this yesterday, I was able to get close, but was still having cookie issues. It totally rocks that you shared the code!

<grins> You're welcome.

While I may not give away my finished products like my signs and rave media controller in SL, I've never had a problem explaining the parts of it that make it work.

One thing I would add is that the CookieContainer and the HTTP request/response objects require adding a reference to the System.Net namespace to use them in your code, and the Stream/StreamReader needs System.IO. For the unfamiliar, little things like that can set you back for hours sometimes. I put the two static functions into a helper class for a little tray app I am writing now Thanks again for the code, Foolish.

using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;

namespace SLTray
{
    class cSL
    {
        public static CookieContainer LoginCookie(string username, string lastname, string password)
        {
            string loginUri = "https://secondlife.com/account/login.php";
            string loginData = "form%5Btype%5D=second-life-member&form%5Bnextpage%5D=%2Fcurrency%2Fsell.php&form%5Bpersistent%5D=Y&form%5Busername%5D=" + username + "&form%5Blastname%5D=" + lastname + "&form%5Bpassword%5D=" + password + "&submit.x=13&submit.y=20";

            // cookieContainer is used to store the cookies used by the login
            CookieContainer cookieContainer = new CookieContainer();

            // First hit the login page
            HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(loginUri);
            req.CookieContainer = cookieContainer;
            req.Method = "POST";
            req.ContentType = "application/x-www-form-urlencoded";
            ASCIIEncoding encoding = new ASCIIEncoding();
            byte[] loginDataBytes= encoding.GetBytes(loginData);
            req.ContentLength = loginDataBytes.Length;
            Stream stream = req.GetRequestStream();
            stream.Write(loginDataBytes, 0, loginDataBytes.Length);
            stream.Close();
            HttpWebResponse res = (HttpWebResponse)req.GetResponse();
            return cookieContainer;
        }

        public static string GetPage(string requestUri, CookieContainer cookieContainer)
        {
            // Then grab the content of the desired page
            HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(requestUri);
            req.CookieContainer = cookieContainer;
            req.Method = "GET";
            HttpWebResponse res = (HttpWebResponse)req.GetResponse();
            StreamReader sr = new StreamReader(res.GetResponseStream());
            return sr.ReadToEnd();
        }
    }

    
}

<pokes Cristiano> What? Your working on a SysTray tool too? Now we HAVE to get together. I think I have some OTHER code you may want to work with, along with some ideas.

Cool ;0

Foolish,

This code works fine with the forums, but with pages in the account section, it does not seem to work - it still is asking for login. Your test code works great, but if you change the requested page to https://secondlife.com/currency/sell.php, for example, you get the page back, but it is a page telling you that you need to log in first.

Now why would THAT be? Let me test some more.

<blinks>

Uh oh.

I can't get it to work on anything but the forums.

What the DEVIL is going on? Could there be more than one cookie?



Ok. Searching for answers. This is annoying.

AHAH! It IS storing two passwords. Perhaps one is for the forums and the other for the main site.

I'm betting more than one cookie. <sigh> Anyone else got an idea of what's going on?

LOL damn you now I have spent the past 2 hours trying to figure this out again - I hit the same roadblock in the past, and it honestly makes no sense to me. I pass all of the form fields, including hidden fields, as post to the login page, but it won't login. If you can figure this one out, I will be very pleased. Here are the fields (yes they have the word form in front of all of them):

Hidden fields and their values:
form[type]=second-life-member
form[nextpage]=/account/index.php
form[persistent]=Y

These are the form fields themselves:
form[username]
form[lastname]
form[password]

There is also a submit button:
b_submit=submit

The form is set to post back onto itself - I wonder if there is something in it that checks to see if it is originating from itself - I hope not. Good luck with figuring this out - I spent days in the past trying with all kinds of HTTP monitoring tools and could not get it to work.

Look at the cookies stored by the site. You will notice TWO password entries.

What I take this to mean is that we have multiple cookies being filtered throug the system. One for the forums, and one for the account site (at least 2).

Now, I'm trying to have C# capture and store ALL the cookies using a CookieCollection, but I'm not even getting the forums with that.

Any ideas?

...just a random observation.

Unlike the forums, the account info is on https. Does that change how things work?

[Caveat: I know very liitle about C# but I have had a lot of hassle with SSL connections in the past. ]

That is a good question - however, the login page that is used even for the forums is HTTPS.

There are a few cookies. Get the mozilla developer extension

-------------


Name __utma
Host secondlife.com
Path /
Secure No
Expires Sunday, January 17, 2038 4:00:00 PM

Name __utmb
Host secondlife.com
Path /
Secure No
Expires Sunday, June 18, 2006 2:01:14 PM

Name __utmc
Host secondlife.com
Path /
Secure No
Expires At End Of Session

Name __utmz
Host secondlife.com
Path /
Secure No
Expires Monday, December 18, 2006 12:31:09 AM

Name bblastactivity
Host secondlife.com
Path /
Secure No
Expires Friday, June 15, 2007 12:10:50 AM

Name bblastvisit
Host secondlife.com
Path /
Secure No
Expires Friday, June 15, 2007 12:10:50 AM

Name bbpassword
Host secondlife.com
Path /
Secure No
Expires Thursday, June 29, 2006 12:10:59 AM

Name bbsessionhash
Host secondlife.com
Path /
Secure No
Expires At End Of Session

Name bbthread_lastview
Path /
Secure No
Expires At End Of Session

Name bbuserid
Path /
Secure No
Expires Thursday, June 29, 2006 12:10:59 AM

Name second-life-member
Host secondlife.com
Path /
Secure No
Expires Thursday, June 29, 2006 12:10:59 AM

Name tiki-user-SecondLifeWiki
Host secondlife.com
Path /
Secure No
Expires Thursday, June 29, 2006 12:10:59 AM

Name Apache
Host secondlife.com
Path /
Secure No
Expires Monday, May 02, 2016 1:18:56 PM

Name CP
Host secondlife.com
Path /
Secure No
Expires Tuesday, December 31, 2019 4:00:00 PM

Name PHPSESSID
Host secondlife.com
Path /
Secure No
Expires At End Of Session

Soooo. The question is, why are only the forums functional. The cookies should all be being stored, so why is it not working?

I mean, really... It's just a browser with basic cookie support. What's the problem it's having?

Welcome to my nightmare * sigh *. Someone has to have figured it out though - isn't there some type of vending machine now that prices itself based on an exchange rate? Surely that must be scraping the web site to get its info.

Well. Only one thing for it...

<knocks on door>

"Hullo, Mr. Linden! Can I borrow a cup of clue for my Csharp pie?"



C'mon. We know this code will work for any normal website with POST logins. It must be that either is locked down to prevent this kind of thing, ot that they are using something so obscure that it's as good as a securing function.

Either way, I must quest out and find their webmaster!

ONWARD!

have no clue what your all talking about but this thread reads like a great spy novel. I cant wait to read the rest

<shoots Mr. Armitage for knowing too much>

<fading sound of quickly retreating footsteps>

Ok guys. Just tried adding the section:

req.Credentials = new NetworkCredential(username + lastname, password, "secondlife.com";

Nada. Didn't HURT the forum section, but no help in the rest.

<taps finger>

I ain't got a clue. Found this code that may be useful, but it's outside my known level of C# use:

http://www.codeproject.com/cs/internet/httpwebrequest_response.asp

From what I have been able to decipher, seems that some sites forward themselves to a new page after the POST. They then add more cookies. This system seems to allow that.

Could THAT be the problem?

Ok. Posted in answers and in the MS forums:

/139/08/114801/1.html

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=485360&SiteID=1

<sigh> I'm at a standstill until I hear something at this point. I just don't have the background to figure this one out.

The SL site does not use standard authentication - that is what you use NetworkCredential with. It is using a cookie based session authentication. I cannot figure out why it is not working - it should be by all accounts.