Linked Questions

Popular Questions

Trouble pulling cookies thru MSXML on secure website

Asked by At

I am trying to pull cookies from a secure website that I will then login & download docs from using winhttp with the cookies. I can login successfully thru IE, but I need to download the documents "silently". I've done this succesfully on one other site & I am trying to replicate the method. The key before was to send the login script line on my send statement. This time I'm not getting any cookies back. But I'm not sure how to tell if I'm authenticating correctly.

When I send thru the string I think is correct I get a content-length of 139932, when I send one I know will fail I get Content-Length: 8706. So something seems to be happening, but no cookies come. I'm using the same basic code as the other job that works, just customizing the headers.

strUrl = "https://policy.velocityrisk.com/login.aspx?ReturnUrl=%2f"    
Set XMLHTTP = CreateObject("MSXML2.serverXMLHttp")
XMLHTTP.Open "POST", Trim(strUrl), False            'post request
XMLHTTP.setRequestHeader "Cache-Control", "no-cache"
XMLHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
XMLHTTP.setRequestHeader "Referer", 
"https://policy.velocityrisk.com/login.aspx?ReturnUrl=%2f"
 "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
 XMLHTTP.setRequestHeader "Accept-Language", "en-US"
 XMLHTTP.setRequestHeader "Accept-Encoding", "gzip , deflate, br"
XMLHTTP.setRequestHeader "Host", "policy.velocityrisk.com"
XMLHTTP.setRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
XMLHTTP.setRequestHeader "Connection", "keep-alive"
XMLHTTP.setRequestHeader "Content-Length", "632"
XMLHTTP.setRequestHeader "Upgrade-Insecure-Requests", "1"
XMLHTTP.Send strAuthenticate
  While XMLHTTP.ReadyState <> 4
  Sleep 1000
  Wend

 strHeaders = XMLHTTP.getAllResponseHeaders()
Debug.Print strHeaders

Where strAuthenticate looks like

strAuthenticate = "__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTczMDIxMzI4NQ8WAh4OSXNTeXN0ZW1JblRlc3RoFgICAw9kFgQCBQ8PFgIeCEltYWdlVXJsBRp%2BXEltYWdlc1xWZWxvY2l0eV9sb2dvLmpwZ2RkAg0PZBYCAgMPDxYCHgRUZXh0BTUmY29weTsgV2F0ZXJTdHJlZXQgQ29tcGFueSAyMDE5LiBBbGwgcmlnaHRzIHJlc2VydmVkLmRkZAORdupkttjyAbR%2FQlVf%2Bp3NAh5%2F&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEdAAX2Ij4yfCg8Y30E3S3Eqyyc8VklVdzG4s%2FiHDNMch2m9g6cbZuZV%2FeBRVrjmM1xbCNwqSoE6vOBYOvmhKXLU5mU%2B5y5Vq4V5va3AqJ7ynUhz4Fpi%2F%2Br%2BnbGylFevanXta3FVMki&HiddenFieldWindowId=&AquantLogin%24UserName=MYUSERNAMEHERE&AquantLogin%24Password=MYPASSWORDHERE&AquantLogin%24LoginButton=Log In"

I've taken this from Firefox LiveHeaders & Fiddler although the two programs show a slightly different version, but I've tried both. UserName & passwords I know are correct. I login perfectly on the website thru IE. How can I tell or get an authentication response code & know If I'm logged in or not? It might be that I need to pull the cookies from the subsequent page (although I don't think so).

Here's my response header: STATUSCODE:200 OK Cache-Control: private Date: Mon, 11 Feb 2019 20:31:23 GMT Content-Length: 141406 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-UA-Compatible: IE=Edge,chrome=1

Thank you in advance.

Related Questions