hi,

I am using curl for several years now to automate all kinds of http/
https uploads, downloads and form posts. A few weeks ago I was
confronted with a site that is not cooperating.

The website in question is https://myaccount.1601telecom.nl/
A site which lets you SMS messages worldwide for € 0.01 each (even
with your own phone number as sender).

This website is based on .aspx technology and uses scripting to post
the form. Which makes the problem related to an earlier post at this
list: "Post login information" from: Giuseppe Calà
<jiveaxe_at_gmail.com> dated: 2007-01-31

As far as I can see, in the last action (posting the sms message
contents) the authentication is lost. At least the response redirects
me to the login page.

Things done so far to solve the problem:
- Run without javascript (does login, opening sms page, but not
sending the sms message itself)
- Transfer viewstate information between sessions
- Run liveheaders
- Debug javascript code line-by-line with firebug
all kind of unused javascript junk is downloaded (like the
AtlasRuntime.js which is the microsoft atlas runtime framework) but I
do only see a few functions being used when the form is submitted,
then it does: verify form fields based on regular expressions, fill
out a form field with a control name (unencrypted string which is
added to the post), and submit the form.
- Seperate the cookies / Run all actions in one cookie file (= no
difference)
- Replay the actions manually (so timing is not an ussue)
- Change users agents (firefox and mozilla 4.8 tried, in the
webbrowser I am able to sent the SMS message with both)

So far, no luck when I try to post the SMS message, I am being
redirected to the login page .

Has anyone new ideas what could cause the redirection to login?

Thanks in advance and best regards,
Ceriel Jacobs

---
Some background:
---
I am currently using:
curl 7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7l  
zlib/1.2.3
Protocols: ftp gopher telnet dict ldap http file https ftps
Features: IPv6 Largefile NTLM SSL libz
---
The commands being executed:
---
(1)
/usr/bin/curl -k -L -s -e "" -c "/var/tmp/websms. 
1601telecom.nl.cookie.1.txt" -A "Mozilla/5.0 (Macintosh; U; PPC Mac  
OS X Mach-O; it; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" "https:// 
myaccount.1601telecom.nl/Login.aspx" | iconv -f iso-8859-1 -t utf-8
(2)
/usr/bin/curl -k -L -s -d  
"__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT&__VIEWSTATE=%% 
VIEWSTATEVAR%%&ctl00%24ContentPlaceHolder1%24LoginView1%24LoginUser% 
24UserName=%%USERNAME%%&ctl00%24ContentPlaceHolder1%24LoginView1% 
24LoginUser%24Password=%%PASSWORD%%&ctl00%24ContentPlaceHolder1% 
24LoginView1%24LoginUser%24RememberMe=on&ctl00%24ContentPlaceHolder1% 
24LoginView1%24LoginUser%24LoginButton=Login" -e "https://myaccount. 
1601telecom.nl/Login.aspx" -b "/var/tmp/websms.1601telecom.nl.cookie. 
1.txt" -c "/var/tmp/websms.1601telecom.nl.cookie.2.txt" -A "Mozilla/ 
5.0 (Macintosh; U; PPC Mac OS X Mach-O; it; rv:1.8.0.1) Gecko/ 
20060111 Firefox/1.5.0.1" "https://myaccount.1601telecom.nl/ 
Login.aspx" | iconv -f iso-8859-1 -t utf-8
(3)
/usr/bin/curl -k -L -s -e "https://myaccount.1601telecom.nl/ 
Default.aspx" -b "/var/tmp/websms.1601telecom.nl.cookie.2.txt" -c "/ 
var/tmp/websms.1601telecom.nl.cookie.3.txt" -A "Mozilla/5.0  
(Macintosh; U; PPC Mac OS X Mach-O; it; rv:1.8.0.1) Gecko/20060111  
Firefox/1.5.0.1" "https://myaccount.1601telecom.nl/Profile/SMS.aspx"  
| iconv -f iso-8859-1 -t utf-8
(4)
/usr/bin/curl -k -L -s -d  
"__LASTFOCUS=&ctl00_TreeView1_ExpandState=eennnnnnn&ctl00_TreeView1_Sele 
ctedNode=&__EVENTTARGET=ctl00$ContentPlaceHolder1 
$SendSMS&__EVENTARGUMENT=&ctl00_TreeView1_PopulateLog=&__VIEWSTATE=%% 
VIEWSTATE%%&ctl00$ContentPlaceHolder1$TBPhoneNr=%%NUMBER%%&ctl00 
$ContentPlaceHolder1$DDLSMSCallerId=08001601&ctl00$ContentPlaceHolder1 
$message=%%MESSAGE%%" -e "https://myaccount.1601telecom.nl/Profile/ 
SMS.aspx" -b "/var/tmp/websms.1601telecom.nl.cookie.3.txt" -c "/var/ 
tmp/websms.1601telecom.nl.cookie.4.txt" -A "Mozilla/5.0 (Macintosh;  
U; PPC Mac OS X Mach-O; it; rv:1.8.0.1) Gecko/20060111 Firefox/ 
1.5.0.1" "https://myaccount.1601telecom.nl/Profile/SMS.aspx" | iconv - 
f iso-8859-1 -t utf-8
---
The cookie values:
(1)
myaccount.1601telecom.nl	FALSE	/	FALSE	0	AspxAutoDetectCookieSupport	1
myaccount.1601telecom.nl	FALSE	/	FALSE	0	ASP.NET_SessionId	 
35i3jz454bw0dk45qpvzpuec
(2)
myaccount.1601telecom.nl	FALSE	/	FALSE	0	AspxAutoDetectCookieSupport	1
myaccount.1601telecom.nl	FALSE	/	FALSE	0	ASP.NET_SessionId	 
35i3jz454bw0dk45qpvzpuec
myaccount.1601telecom.nl	FALSE	/	FALSE	939679200	.ASPXAUTH
(3)
myaccount.1601telecom.nl	FALSE	/	FALSE	0	AspxAutoDetectCookieSupport	1
myaccount.1601telecom.nl	FALSE	/	FALSE	0	ASP.NET_SessionId	 
jcxkt455qni4ilfwdw5jkn45
myaccount.1601telecom.nl	FALSE	/	FALSE	1187508242	1601	1601=%%PASSWORD%%
myaccount.1601telecom.nl	FALSE	/	FALSE	0	.ASPXAUTH	 
8B339B00406F499B901107A3FF252F9FA5BD7910D523D7A02A72B3F46AE8347CCE76D9A0 
01B02F7CA6592E404C61E1F5DEFB5ACFFE4C63F59613310C38B841BC92FD18F0E16B021D 
8F2887B915A082CE
(4)
myaccount.1601telecom.nl	FALSE	/	FALSE	0	AspxAutoDetectCookieSupport	1
myaccount.1601telecom.nl	FALSE	/	FALSE	0	ASP.NET_SessionId	 
jcxkt455qni4ilfwdw5jkn45
myaccount.1601telecom.nl	FALSE	/	FALSE	1187508242	1601	1601=%%PASSWORD%%
myaccount.1601telecom.nl	FALSE	/	FALSE	0	.ASPXAUTH	 
8B339B00406F499B901107A3FF252F9FA5BD7910D523D7A02A72B3F46AE8347CCE76D9A0 
01B02F7CA6592E404C61E1F5DEFB5ACFFE4C63F59613310C38B841BC92FD18F0E16B021D 
8F2887B915A082CE
---
When following the responses, in the last cookie the .APSXAUTH is  
cleared. This makes me think that posting the form, somewhere loses  
the .ASPX authentication:
myaccount.1601telecom.nl	FALSE	/	FALSE	0	AspxAutoDetectCookieSupport	1
myaccount.1601telecom.nl	FALSE	/	FALSE	0	ASP.NET_SessionId	 
bupyoz55dsflioruxaxane45
myaccount.1601telecom.nl	FALSE	/	FALSE	1187512013	1601	1601=%%PASSWORD%%
myaccount.1601telecom.nl	FALSE	/	FALSE	939679200	.ASPXAUTH