EldoS | Feel safer!

Software components for data protection, secure storage and transfer

I need to enter login and password on web page (in HTML form) before accessing the URL. How do I do this using your HTTP client?

So-called "form based authentication" (you need to enter some data to HTML form, then post this data to the site, and then you are "logged in" and can access other resources of the site) has little to do with HTTP protocol itself. You post some data to the site (which can include some authorization information), you get some information in response, then you use that information further. HTTP acts as a transport, but whatever can be called authentication goes on higher level. You need to parse HTML, possibly execute JavaScript etc. . This all is beyond HTTP.

If you have some particular site or sites that you need to login to, you can try to automate this operation.

First of all, you need to look at the source code of the web page with the login form. You need to find <form> tag and analyze, what fields (form elements have id and/or name parameter, this is how the elements are identified) are present in the form, and depending on their type, create your POST request: the page to submit the data to is specified in <form> tag, field names are taken from the form element tags (such as <input> or <textarea>) and your application provides field values. Next you use POST method of TElHTTPSClient to post the data.

The next step is to capture the cookies that are returned by the server in response to the POST operation. This is implemented by handling OnCookie event and saving the provided cookie information. Note that the cookie contains not just the cookie data itself, but also supplementary information (metadata) that tells you how to apply the cookie and the period, during which this cookie is valid.

The following step is to send this cookie when you request the target resource (for which you performed authorization). During this step you need to add the obtained cookie to RequestCookies list.

The major problem that appears it that there exist many sites which explicitly make automated authentication hard or impossible. This usually includes CAPTCHA or JavaScript that decrypts some form data on-the-fly (using JavaScript mechanisms) or encrypts the parameters passed to the server. There's no uniform solution to this problem available.

Return to the list


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!