0

Scenario: I have an internal ASP.NET site that allows me to maintain a set of rules (CRUD). To add a new rule I simply fill out a HTML form and click submit. My current issue is that I now need to add a few hundred rules and I want to use a script to automate this.

Initial plan:

  • Create a script that can take X number of arguments and use these to fake a form submittal of the above web page
  • Create a comma-separated file (or similar) with one row per rule and each column represents one of the input tags in the HTML form
  • Create another script that can use the comma-separated file to execute the form-submittal script once for every row

My attempts has centered around curl, and worked well against an online testing page. Unfortunately I'm not able to get it to work against the ASP.NET page and I'm guessing this has to do something with Postback and/or Viewstate.

Snippet:

curl -s -u "DOMAIN\user:password" --ntlm -d "key1=value1" -d "key2=value2" http://internal/page.aspx

(Returns the page as if using a GET, no error messages)

Question:

How can I trick the ASP page that I'm sending a Postback? (alternative scripting suggestions are welcome as well)

EDIT:

Snippet from ASP page: 

<asp:LinkButton ... runat="server" OnClick="lbAddRule_Click" PostBackUrl="~/Page.aspx" />

Snippet from code behind:

protected void lbAddRule_Click(object sender, EventArgs e) {
  if (Page.IsValid == true) {
    AddRule(x,y,z);
Improve this question
3
  • Do you need an actual postback or just a post (this is something you'd be able to check if you have access to the page source)? A good first stab would be to parse the ViewState input field(or fields) from the page and submit those along with your request. That might be enough to make the page think it's a postback. Also, if this is pretty straight up CRUD, would it be easier to just insert stuff directly into whatever database backs this application? Commented May 7, 2012 at 18:08
  • @R0MANARMY I've added code snippets from the web page. Seems my assumption on the "if (Page.IsPostBack)" clause was a little premature, although I didn't get closer to a solution. Unfortunately I do not have access to the database, that would have made scripting a whole lot easier. Commented May 7, 2012 at 20:54
  • If you really don't want to do this by hand, you could try recording a couple of regular posts using firebug, seeing which variables change (ideally just the fields you want to submit), template the post and submit whatever you need. Commented May 7, 2012 at 23:23

2 Answers 2

Reset to default
2

Taking a completely different approach, have you considered scripting the browser itself? There are a few very powerful techniques, including Selenium/WebDriver [1] and iMacros [2], both of which allow this kind of scripting.

[1] http://seleniumhq.org/docs/03_webdriver.html

[2] http://wiki.imacros.net/Browser_Automation

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Downloaded plugin to Internet Explorer, browsed a few of their demo macros and got it working (pulling data from a CSV file) within an hour. Excellent!
Sometimes you just need a different approach! Glad it's working.
1

If this is intended as a RESTful service (which you're accessing it as), you might want to consider rewriting the page that currently handles the form to be a Web Service. Then, you can use curl to access that all you want, and rewire your form so everything works as before.

Improve this answer

5 Comments

In theory, yes I could modify the web application to provide a REST or web service interface. I am however reluctant to do so due to the amount of effort involved.
The effort you spend in refactoring your code to a Web Service would be much less than the headache of figuring and maintaining the exact list of autogenerated __VIEWSTATE code necessary to interact with an ASP.NET form. See also stackoverflow.com/questions/8786362/… - it's not pretty.
@jrummell It is rather a matter of economics. Manually entering a few hundred rules can be performed in a day, whereas moving a web service solution through development phases to production (not counting subsequent maintenance) will cost at least a weeks effort.
If you really want to go down that road, you may end up turning around if you can't get the right __VIEWSTATE hash. ASP.NET added that little gem to make it difficult to do exactly what you are attempting. It's somewhat of a security feature.
"somewhat" is an understatement. Security is a significant feature of __VIEWSTATE.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.