How to obtain a request verification token cookie using HttpClient?
When my browser does a get request for this site, the request obtains a request verification token as a cookie from the server and adds it to the header of the get request. There's a picture of the cookie in question from the Chrome network tab.
This cookie/token expires when the browsing session ends. How can I use an HttpClient to obtain this token and add it as a cookie to my headers for a post request?
12 Replies
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
Are you sure? My post request is rejected when I send it, and the only difference between my post request and the one chrome sends (which isn't rejected) is that chrome has that cookie
I've replicated all the other headers and the payload sent by chrome
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
Hmm, I don't doubt it, because it doesn't reject my get requests even though they have no cookie
I'm trying to submit a form programatically to a site called www.anpdm.com, run by a company called Apsis, which is owned by a CRM solutions giant called Efficy
I sent a post request manually via Chrome and collected all the data from the request, then I've tried to replicate that request using HttpClient. The response gives status code 201 OK, but the content returned is an error message instead of the confirmation message I got through Chrome
In the sites HTML source I see references to such things as "publicEventRegistrationFormController", so I assume they're using an MVC format. Is it possible there's some backend authorization I'm missing here?
If so, is there some way I could do this through HttpClient? I figure if a browser can do it, then it should be possible through code too, right?
Like, establish some kind of session or handshake or something
Biggest issue is that their back-end is essentially a black box for me
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
It's not my own backend, it's a lunch order form used by the owners of our office locales for the cafeteria. I'm trying to automate our companys lunch orders.
As I said, the backend is a black box to me
I have no idea what's going on there, and no access to it
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
Someone else
As I said, I have literally no access to this backend, not even any documentation
So I'm just trying to emulate what a browser does
As far as I can tell, the anti forgery token is what's holding me back
I find a lot of references to ajax using the __RequestVerificationToken for validation at least
For example, the forms submit button has one of those
I'm trying to reverse engineer this API but I'm having a hard time. Maybe using a webdriver like Selenium is a better option?
Fixed the issue using a headless selenium driver