hc-httpclient-users mailing list archives

From: John.M.Corro-...@jci.com
Subject: Logging in using HTTPS form-based authentication
Date: Wed, 17 May 2006 15:06:20 GMT

I have a situation where I'm trying to log into my bank's website which 
uses HTTPS form-based authentication.  I've tried posting the appropriate 
username/password to the appropriate URL, but the server is not 
authenticating me (keeps forwarding me to some generic error page).  I've 
considered several potential issues causing this failure, but am not quite 
sure what to do:

1. The website expects/requires you to go to the initial HTTPS protected 
login form page.  Potentially the site sets a cookie at that first page 
and validates on form submission that the cookie is present.  I've 
experimented trying to get past (if it indeed is happening) by setting the 
cookie policy on an HttpClient to BROWSER_COMPATIBLE, using that 
HttpClient to execute a GetMethod to the login form page, then using the 
same HttpClient to execute a PostMethod submitting the right 
username/password.  That didn't work.  Did the steps I executed make for 
an appropriate test?  Is there a way I can confirm what cookie policy I 
should be using? 

2. I thought I heard/read a while back that to securely post data to an 
HTTPS URL, you need to initially come from an HTTPS URL as well.  Is this 
true?  If so, is using the same HttpClient instance to execute all 
GetMethods & PostMethods sufficient?

3. Are there any debugging techniques (examining header values, cookies, 
etc.) I can do to verify what exactly is causing my inability to login?

John M. Corro
(414) 524-7118
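
The GET-then-POST sequence from point 1, with the header and cookie inspection asked about in point 3, as an added example that is not part of the original post. It assumes Commons HttpClient 3.x on the classpath (where the policy constant is `CookiePolicy.BROWSER_COMPATIBILITY`); the loopback server, the `PRELOGIN` cookie and the form field names are constructed stand-ins for the real site.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

public class FormLoginTrace {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in server (plain HTTP, loopback only): GET sets a
        // cookie, POST answers 200 only if that cookie is sent back, else 403.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/login", ex -> {
            String sent = ex.getRequestHeaders().getFirst("Cookie");
            boolean post = "POST".equals(ex.getRequestMethod());
            if (!post) ex.getResponseHeaders().add("Set-Cookie", "PRELOGIN=abc123; Path=/");
            boolean ok = !post || (sent != null && sent.contains("PRELOGIN=abc123"));
            ex.sendResponseHeaders(ok ? 200 : 403, -1);
            ex.close();
        });
        srv.start();
        String url = "http://127.0.0.1:" + srv.getAddress().getPort() + "/login";

        HttpClient client = new HttpClient();    // one instance = one cookie store
        client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);

        trace(client, new GetMethod(url));        // step 1: fetch the form page
        PostMethod post = new PostMethod(url);    // step 2: submit the form
        post.addParameter("username", "demo");    // hypothetical field names
        post.addParameter("password", "demo");
        trace(client, post);
        srv.stop(0);
    }

    // Executes the method, then prints status, headers both ways and the cookie store.
    static void trace(HttpClient client, HttpMethod m) throws Exception {
        try {
            System.out.println(m.getName() + " -> " + client.executeMethod(m));
            for (Header h : m.getRequestHeaders())  System.out.print("  > " + h.toExternalForm());
            for (Header h : m.getResponseHeaders()) System.out.print("  < " + h.toExternalForm());
            for (Cookie c : client.getState().getCookies())
                System.out.println("  stored cookie: " + c.toExternalForm());
        } finally {
            m.releaseConnection();
        }
    }
}
```

If the POST trace shows no `Cookie` request header even though the GET response carried `Set-Cookie`, the cookie was rejected or not matched under the active policy. HttpClient 3.x can also emit the same headers itself through its `httpclient.wire.header` log category.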