This is as days pass by, by Stuart Langridge

And this is Why I'm not using ASP.NET, written , and concerning JavaScript and the DOM, Web, and Rants

Well, there are lots of reasons why I'm not using ASP.NET. The reason today, though, is that it seems to be impossible to post to an ASP.NET website using a non-browser tool such as wget or Python's urllib. There's a huge __VIEWSTATE form variable, and links seem to call a JavaScript function called __doPostBack(). Of course, it requires JavaScript to work. This is shit. Yes it is. Fortunately, __doPostBack() doesn't do anything very complicated in the page I want to manipulate. Sadly, though, I've tried POSTing what I think the output of the form will be to the URL, and I get no love from it at all. Lots of <H1>Bad Request</h1> and the like. Has anyone dealt with this problem?

Comments

gilmae

I've not ever had a great need to test replicating what doPostBack is doing, which is just creating two new form variables on the fly. Mostly because I have always contrived to avoid using doPostBack by using standard submit buttons.

However, I did a quick test by capturing the headers for a login form and pasting them into telnet, and got back pretty much what I would have if I was posting from the browswer.

They only thing I can imagine needing to note is that you do need to url encode the __VIEWSTATE, __EVENTHANDLER, and __EVENTARGUMENT variables.

Merlin

What I usually do in such situations is to sniff what is actually sent by a browser. The quickest way is to run a netcat nc -l -p 1234 and before posting the request, change the proxy to localhost:1234. That'll simply print the query on your console.

The other option is to use a HTTP::Proxy perl module to sniff everything going through it. I can send you my "sniffer" if you like.

Anyway, I do agree that it sucks.

Corey G.

yup, you have to send a field in your post that has the whole freakin' viewstate in it.

I wrote a tool that will let you do this from the command line if you set it up to do so.. there is a sample explaining ASP.NET viewstates here:

http://www.webinject.org/manual.html#sessid

Simon Morris

Funny you should say this...

We have a very very slow - very very boring Timesheet system at work that $BOSS is very very insistant I keep filling in.

I wrote a Python command line interface to it using cookielib and urllib2

And yep.. I had to pass a huge __VIEWSTATE variable back to the server.

The command line interface rocks though - I can fill in 5 entries in about the same time it took the ASP page to reload after changing categories.

Ross

Turn off Javascrpt in your browser and see what it does instead - because it should work without JS. The ViewState is most likely base-64 encoded and used in some cases to replace the use of Session (and obviously to remember the state of the controls on the page)*. You can run an app without viewstate, though.

* Apparently 2005 lets you store the Viewstate in the session.

sil

Ross: it doesn't. The links are javascript: links, not real links. :(

Sebastián

@Merlin: thanks! I've trying to discover what happened that I couldn't fetch an .aspx page with form data. It is nasty.

Mike Chaliy

Hehe. I do not know if there word "lamer" in the englesh. However sil is "lamer". If you will spend some more time on asp.net you will be able to see that there two types of the links. One of them is normal links and second that works with back end(javascript links). You may choose from link you like and use it. Also if you do not know in if you need something invoke on the server you can use webservices, in asp.net this is very easy, just create aspx file and place needed method in it.

sil

Mike: it's not my website I'm trying to manipulate. Therefore, I can't control the type of links they choose. Moreover, if there's two types of link, a good one and a broken one, why in hell would you offer both types? Just offer the non-broken one and be done with it.

Mike Chaliy

Hi, sorry I have not seen your replay.

Why you think that it broken?

1) Imagine you have AJAX form with link that you would like to use like a button that does not redirect, but simly changes state of the form (e.g. Open/Show Details, Navigate through wizard steps, etc). This is case when you can use postback links. They are very useful in this scenario. Okay, I am sure that you can use simple link to do this, But what is the point to do more work?

2) Get im mind MVC/MVP pattern, if you would like to encapsulate navigation logic. How you perform this without postback? Sure, you can generate script, but if logic is very complex you will need to make AJAX call to the server... This also will add unneeded complexity.

3)..., I can prove additional comments, but in real life you simply need to start play with asp.

Dano

You should be using asp.net and there are plenty of support sites like aspdotnetatoms.com that offer free snipplets of code and tutorials.

This website belongs to Stuart Langridge. Contact details are available. Don't eat yellow snow. Valid HTML5, at least in theory, except for the bits that aren't because I'm that futuristic that I'm ahead of the spec, oh yes. HTML5 help from Bruce Lawson, among others. Fonts from the superb FontSquirrel. End.