Hello,

I'm migrating an ASP page of ours onto our new ASP.NET C# site. There's a script on the page that refers to "WinHttp.WinHttpRequest.5.1" that was given to us buy one of our vendors (they don't support it though) for purposes of connection/validation, and I'm having trouble converting this script to C# (or should I be starting from scratch?). Following is the ASP script. If someone could tell me whether I should be able to convert this and still use WinHttp.WinHttpRequest.5.1 or whether I should be looking at using a different object (and what that might be), I sure would appreciate the help:

<%


'Utilizes WinHttpRequest.5.1


    Dim oWinHttp

    Dim sHTML,sJSTORHost,sPath,sTargetSite,sTargetURL,sTargetHost,sUsername,sTargetISSN,sReqip,sQuery,sStatus



    '##Set Basic variables   

    sVENDORHost = "logon.vendor.org"

    sUserName = Request.ServerVariables("REMOTE_ADDR")

    sPath = "/" & sTargetHost & sPath

   

    '##Generate the URL to VENDOR

    sReqString = "http://" & sVENDORHost & "/logon/remote" & sPath & "?cred=" & "user(" & sUsername & ")" & sTargetISSN & sReqip & sQuery

   

    '##Create the WinHttp Object

    Set oWinHttp = Server.CreateObject("WinHttp.WinHttpRequest.5.1")

    oWinHttp.open "GET", sReqString

   

    '##Set "WinHttpRequestOption_UserAgentString"

    oWinHttp.option(0) = "VENDORremote 1.3 " & oWinHttp.option(WinHttpRequestOption_UserAgentString)

   

    '##Set "WinHttpRequestOption_EnableRedirects" Off

    oWinHttp.option(6) = vbFalse

   

    '## Send the Request

    oWinHttp.Send



    '## Put the Response status into a variable for later use

    sStatus = oWinHttp.Status

   

    '## Put the Response Text into a variable

    sHTML = oWinHttp.ResponseText

   

    '## Check the Response Status Code

    If sStatus = "302" Then '##Redirect from VENDOR sent

        '## Put the Location Response Header into a variable

        sLocation = oWinHttp.GetResponseHeader("Location")

        '## Kill the WinHttp Object

        Set oWinHttp = Nothing

        '## Redirect the client

        Response.Redirect sLocation

   

    Else

        '## Kill the WinHttp Object

        Set oWinHttp = Nothing

        '## Replace local paths with VENDOR Paths

        sHTML = Replace(sHTML,"src=""","src=""http://" & sVENDORHost)

        sHTML = Replace(sHTML,"href=""","href=""http://" & sVENDORHost)

        '## Output whatever is returned

        Response.Write sHTML

    End If

   

%>

Thank you in advance.

 --Will

Hi,

Have u Tried WebRequest,Webresponse.Above code seems to be server to server Hit.

http://www.worldofasp.net/tut/WebRequest/Working_with_HttpWebRequest_and_HttpWebResponse_in_ASPNET_114.aspx

http://www.c-sharpcorner.com/UploadFile/mahesh/WebRequestNResponseMDB12012005232323PM/WebRequestNResponseMDB.aspx

 Thank you for the reply! I'll give that a try today and post back with my reults.

--Will

 After much work (and learning!) I got it to work with HttpWebRequest (& -Response) as you suggested!

 Here is my final code (for anyone else learning this)  that worked for me, as compared to what I posted above:

 void Page_Load(Object Src, EventArgs E) {

           string VENDORauthenticated = (Session["bolAuthenticated"]).ToString();
           if (VENDORauthenticated != "True")
           {
               Response.Redirect("http://www.myurl.org/Authentication.aspx?" + Request.ServerVariables["SCRIPT_NAME"]);
           }

           else
           {


               //Authenticate to VENDOR via ASP.NET

               //6/17/2009

               //Utilizes HttpWebRequest & HttpWebResponse

               //Make this page require authentication to access


               //Remove the authorization for subsequent attempts to access during the same session in case the browser is left open
               Session.Abandon();

               //##Set Basic variables 
               string sHTML;
               string sVENDORHost;
               string sPath;
               string sUserName;
               int jStatus;
               string sStatus;
 

               sVENDORHost = "logon.VENDOR.org";

               sUserName = Request.UserHostAddress;

               sPath = "/";



               //##Generate the URL to VENDOR
//#Note that the pieces of this URL will be specific to your own application; I only slightly changed it here from my real one as a hopefully better example...

               string sReqString = "http://" + sVENDORHost + "/logon/remote" + sPath + "?cred=" + "user(" + sUserName + ")";

               //##Create the HttpWebRequest Object


               HttpWebRequest VENDORrequest = (HttpWebRequest)WebRequest.Create(sReqString);
               


               //##Set HttpWebRequest User Agent info

               VENDORrequest.UserAgent = "VENDORremote " + Request.ServerVariables["HTTP_USER_AGENT"];



               //##Turn HttpWebRequest Redirects off--this should depend on your own situation, but since in this case our VENDOR is going to send us the new URL we requested anyway, we don't need to be redirected by them


               VENDORrequest.AllowAutoRedirect = false;

               //##Create the HttpWebResponse Object

               HttpWebResponse VENDORresp = (HttpWebResponse)VENDORrequest.GetResponse();



               //## Put the Response status into a variable for later use

               jStatus = (int)VENDORresp.StatusCode;
               sStatus = jStatus.ToString();



               //## Put the Response Text into a variable

               sHTML = VENDORresp.StatusDescription;



               //## Check the Response Status Code

               if (sStatus == "302")
               { //##Redirect from VENDOR was sent, so put the Location Response Header into a variable

                   string sLocation = VENDORresp.GetResponseHeader("Location");

                   //## Kill the HttpWebRequest and HttpWebResponse objects

                   VENDORrequest = null;
                   VENDORresp = null;

                   //## Redirect the client

                   Response.Redirect(sLocation);
               }


               else
               {

                   //## Kill the HttpWebRequest and HttpWebResponse objects

                   VENDORrequest = null;
                   VENDORresp = null;

                   //## Replace local paths with VENDOR Paths

                   sHTML = sHTML.Replace("src=\"", "src=\"http://" + sVENDORHost);

                   sHTML = sHTML.Replace("href=\"", "href=\"http://" + sVENDORHost);

                   //## Output whatever is returned

                   Label1.Text = "An error has occurred: " + sHTML;
                   

               }
           }
            


           Session.Abandon();

The "bolAuthenticated" is a session variable I set in my Global.asax file, as so:

    void Session_Start(object sender, EventArgs e)
    {
       
        // Code that runs when a new session is started
        Session["bolAuthenticated"] = false;

    }

On the initial login page, "bolAuthenticated" is checked to see if it has been set to "True" or not. If so, then the rest of the page script proceeds. If not, then the use is forwarded to an authentication page where the user has to type in a password, which (if valid) will set the bolAuthenticated session variable to "true" and forward the user back to the login page, allowing the rest of the login script to proceed. The initial login page URL is persisted onto the authentication page so the user can be redirected back again (and the authentication page can therefore be used for any number of login pages). All as per the script as seen up above:

           string VENDORauthenticated = (Session["bolAuthenticated"]).ToString();
           if (VENDORauthenticated != "True")
           {
               Response.Redirect("http://www.myurl.org/Authentication.aspx?" + Request.ServerVariables["SCRIPT_NAME"]);

It's also important to use the "Abandon.Session" command at various points on both pages to make sure that the "bolAuthentication" variable gets set back to false, so that other people can't scroll back through the open browser and get access without entering their own password.

Anyway, the  HttpWebRequest and HttpWebResponse really made this work for me with my migration.

Thanks again!

-_Will

 Great. I don't fully understand the purpose, but if it works, it works.

A minor nitpick...

string VENDORauthenticated = (Session["bolAuthenticated"]).ToString();
if (VENDORauthenticated != "True")

using strings for boolean criteria is a bit yucky. You have a bool, you want a bool, and there's no reason to turn into a string

  bool VENDORauthenticated = (bool)Session["bolAuthenticated"];
  if (!VENDORauthenticated)

 Ah-hah! Thanks for that. I don't recall off-hand why I changed it to a string (I was testing something at some point...), but you're right, I can just keep the test as boolean.

--Will

 Just as a follow-up, I have indeed changed that line back to a bool...

 Also, the purpose of the script for those who may be wondering is to allow our users to have access to one of our subscription databases. We don't use any kind of proxy server for that, so we have our users enter their password in order to authenticate with us, and then when approved the script above queries the database's site (using the variables specified) which then returns a coded URL based on those variables that is then provided and redirected for the user to actually gain access to the database. Without the proxy server option (not good for us at this time), this was the alternative means allowed us by our database vendor.