0
votes

I'm trying to log into the website of my school using C#. Using the software Fiddler, I've managed to capture the POST request my browser makes and the POST request I've recreated in C#. They seem to be completely identical, however the response I get is different. Shouldn't the server theoretically respond the same way if the POST request is the same, at least with the same status code? When I use my own client I get response code 200, but with my browser I get 303 (which it should be).

Something I notice is that the WebForm content is much bigger in browser, but the values used in the client request are from a prior GET request. Sorry for the long post.

These are the requests captured by Fiddler:

Browser request:

POST https://www.lectio.dk/lectio/31/login.aspx HTTP/1.1
Host: www.lectio.dk
Connection: keep-alive
Content-Length: 881
Cache-Control: max-age=0
Origin: https://www.lectio.dk
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.lectio.dk/lectio/31/login.aspx
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-AS;q=0.9,en-DK;q=0.8,en;q=0.7,da-DK;q=0.6,da;q=0.5,en-US;q=0.4
Cookie: LastLoginExamno=31; ASP.NET_SessionId=ANTOMFZ7ZZWAYYW52OSZQYRXIBAIEGIPGILQHQ6TEJ2O5XEUTE3CAIBA; isloggedin3=N

time=0&__EVENTTARGET=m%24Content%24submitbtn2&__EVENTARGUMENT=&__SCROLLPOSITION=&__VIEWSTATEX=vQAAAGlpZQk1NDg4MjIyMjVpbAJrAIFsAmhpZGwCZwJpbAJrAWUDb2ZmbASBaWRsAoFpZGwCgWlkbAJoaWpkam4BZQcyMDE5LzIwbgFlBDIwMTl%2BAXFsAWhkZwNpZGwCZwVpZGwCaGlkbAJnB2lkbAaBaWwCawJlFE4mIzIzMDtydW0gR3ltbmFzaXVtZGcFaWRsAoFpZGwCgWlsAmsDZQI1MGRnB2lkbAKBaWRsAoFpamlsAmsEcGRkZGRkBQAAABNWYWxpZGF0ZVJlcXVlc3RNb2RlDGF1dG9jb21wbGV0ZQlpbm5lcmh0bWwJbWF4bGVuZ3RoB0NoZWNrZWQAXXvzIZezMAoPCqv5j%2FZuNIu6H1E%3D&__VIEWSTATEY_KEY=&__VIEWSTATE=&__EVENTVALIDATION=CY6WRLYHybmNGyj0%2FWgw9s%2BaewM2gnWAIUbvnFzgoYWgYPLkQnxHIBIpQPjEa3On7opgtRStMA%2FpLhG9PzzgXNTaWwTZIeSfKwS74n4yMULKRovRw2H%2Fwlg8HRUdJemRR%2FyFEzIkbToD8psr4CO9G3nzX706D25SYrmTc2WygXZ%2B1oYTAMe3FD7ocBdwh%2FrHRBAOaoTzCsCSlpMVce8GxcWKS3lryh8E8yVmy4AgrHpjgj3R0g1ziPKG96%2B1vVr%2B&m%24Content%24username2=username&m%24Content%24passwordHidden=password&LectioPostbackId=

C# client request:

POST https://www.lectio.dk/lectio/31/login.aspx HTTP/1.1
Cache-Control: max-age=0
Accept: text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, image/apng, */*; q=0.8, application/signed-exchange; v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB, en-AS; q=0.9, en-DK; q=0.8, en; q=0.7, da-DK; q=0.6, da; q=0.5, en-US; q=0.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Referer: https://www.lectio.dk/lectio/31/login.aspx
Origin: https://www.lectio.dk
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: LastLoginExamno=31; ASP.NET_SessionId=DBYVNKXMKMO2F7XF7T22TM4RALBLKYPBQT42BGZX6H2UA5TZ2ZHCAIBA
Content-Type: application/x-www-form-urlencoded
Content-Length: 485
Host: www.lectio.dk

time=0&__EVENTTARGET=m%24Content%24submitbtn2&__EVENTARGUMENT=&__SCROLLPOSITION=&__VIEWSTATEX=FAAAAGlpZQotMTY2NzgzMzI1ZGQAAAAAALJLI4R47o%2FDmiaj2f9RNeeWl%2B5K&__VIEWSTATEY_KEY=&__VIEWSTATE=&__EVENTVALIDATION=%2FYOJVoNfWl%2F8olHfFefQyPMhqxIUan914QzoN6cFD0eGMukIp%2B%2FciKjpJU04AgXJhME7LttuUGcP8yOJ7xPSSP%2Bl8AnZk2DAdvMIFLFAAPD2Rf4K1DapTvDcnWnyz%2Bj1tesSoSUmLcmmh2E0ljSNR1Qr%2BUpIWQ91RtL1jS4GDh0%3D&m%24Content%24username2=povl0057&m%24Content%24passwordHidden=jdf59jcx&LectioPostbackId=

1
Hope that username and password are just random strings and not your actual credentials... – gilliduck

You're passing a SessionID in the request, which more than likely has expired. – Ryan Wilson

It looks like there is an eventvalidation part of the post. This needs to match what was sent back from the server with the previous page's GET request. It is only good for 1 response and that response may need to come from the same IP address that the GET was executed from. This means that you will first have to HTTP "get" the form, parse the validation information, then post back with that validation key. There are also session tags in the header. You may need to "login" to get a session tag that goes with your IP address and port. – Mike Wodarczyk

The response can be whatever the server wants it to be. – SLaks

The username and password are placeholders for privacy reasons, the values used in the WebForm and cookies come from a previous HTTP GET request. – user8288212
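
The GET-then-POST flow described in the comments above, as an added example that is not part of the original question or its comments: one cookie container serves both requests, and every hidden field from the GET is posted back unchanged. The class and method names are hypothetical, the hidden-input markup is an assumption about how the page renders its fields, the field names are taken from the captured request, and the sample HTML in `Main` is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
static class LoginFlowExample   // hypothetical name
{
    // Read one double-quoted attribute from a tag; returns "" when the attribute is absent.
    static string Attr(string tag, string name) =>
        WebUtility.HtmlDecode(Regex.Match(tag, "\\s" + name + "=\"([^\"]*)\"", RegexOptions.IgnoreCase).Groups[1].Value);
    // Collect every hidden input so __VIEWSTATEX, __EVENTVALIDATION and the rest go back
    // exactly as this GET issued them (regex scan for brevity; an HTML parser is sturdier).
    public static Dictionary<string, string> HiddenFields(string html)
    {
        var fields = new Dictionary<string, string>();
        foreach (Match tag in Regex.Matches(html, "<input\\s[^>]*>", RegexOptions.IgnoreCase))
        {
            string name = Attr(tag.Value, "name");
            if (name != "" && Attr(tag.Value, "type").ToLowerInvariant() == "hidden")
                fields[name] = Attr(tag.Value, "value");
        }
        return fields;
    }

    // The handler's CookieContainer sends back the ASP.NET_SessionId set by the GET.
    // AllowAutoRedirect = false reports a 303 as-is; by default the redirect is followed.
    public static async Task<HttpStatusCode> LoginAsync(string url, string user, string password)
    {
        var handler = new HttpClientHandler { CookieContainer = new CookieContainer(), AllowAutoRedirect = false };
        using (var client = new HttpClient(handler))
        {
            var form = HiddenFields(await client.GetStringAsync(url));
            form["__EVENTTARGET"] = "m$Content$submitbtn2";   // field names as in the captured request
            form["m$Content$username2"] = user;
            form["m$Content$passwordHidden"] = password;
            return (await client.PostAsync(url, new FormUrlEncodedContent(form))).StatusCode;
        }
    }

    static void Main()
    {
        // Constructed sample markup (not captured from the site), shaped like a WebForms login page.
        string html = "<form><input type=\"hidden\" name=\"__VIEWSTATEX\" id=\"__VIEWSTATEX\" value=\"AAA+/w==\" />" +
                      "<input type=\"hidden\" name=\"__EVENTVALIDATION\" value=\"BBB/c2=\" /><input type=\"text\" name=\"m$Content$username2\" /></form>";
        var form = HiddenFields(html);   // only the two hidden fields are kept
        Console.WriteLine(new FormUrlEncodedContent(form).ReadAsStringAsync().Result);
    }
}
```

`FormUrlEncodedContent` percent-encodes the values itself, so the hidden fields are passed in raw (HTML-decoded) form rather than copied pre-encoded from a Fiddler capture.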

1 Answer

1
votes

Shouldn't the server theoretically respond the same way if the post request is the same?

No