Login Web with Invoke-WebRequest not working

Question

I'm trying to automate a login into a webpage via invokewebrequest.

 $urlLogin = "https://XXXXXX.es/web/XXXXX/inicio?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&_com_liferay_login_web_portlet_LoginPortlet_javax.portlet.action=%2Flogin%2Flogin&_com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName=%2Flogin%2Flogin"

$loginPayload = @{
    _com_liferay_login_web_portlet_LoginPortlet_formDate                = "1692051569185"
    _com_liferay_login_web_portlet_LoginPortlet_saveLastPath            = $False
    _com_liferay_login_web_portlet_LoginPortlet_redirect                = ""
    _com_liferay_login_web_portlet_LoginPortlet_doActionAfterLogin      = $False
    _com_liferay_login_web_portlet_LoginPortlet_conexionInterna         = ""
    _com_liferay_login_web_portlet_LoginPortlet_masinformacionservicios = ""
    _com_liferay_login_web_portlet_LoginPortlet_login                   = $secrets.userbida
    _com_liferay_login_web_portlet_LoginPortlet_password                = $secrets.pwdbida
    p_auth                                                              = ""
}
$responseLogin = Invoke-WebRequest -Uri $urlLogin -Body $loginPayload -Method "POST" -SessionVariable session -MaximumRedirection 0 -SkipHttpErrorCheck -ErrorAction SilentlyContinue
if ($responseLogin.Headers.'Set-Cookie' -like '*JSESSIONID*') {
    Write-Host (get-date -format "dd-MM-yyyy HH:mm:ss") "INFO: Log In Succeded: $($responseLogin.Headers.'Set-Cookie'.Count) Cookies obtained`n$($responseLogin.Headers.'Set-Cookie')"
}
else {
    Write-Host (get-date -format "dd-MM-yyyy HH:mm:ss") "ERROR: Function $($MyInvocation.MyCommand) - Unable to get Cookies. Login Failed. Check parameters file or web status"
    throw
}

Response is 302 and I obtain 3 cookies:

$responseLogin.Headers.'Set-Cookie'
JSESSIONID=B39C532969F757DA32595072FE9C48E8.srvbidp089; Path=/; Secure; HttpOnly
COOKIE_SUPPORT=true; Max-Age=31536000; Expires=Wed, 14-Aug-2024 14:04:06 GMT; Path=/; Secure; HttpOnly
GUEST_LANGUAGE_ID=es_ES; Max-Age=31536000; Expires=Wed, 14-Aug-2024 14:04:06 GMT; Path=/; Secure; HttpOnly

But when I use the Session variable for a request, it always responds home html as If i'm not logged in.

EDIT

This is the process I do via code in order to try the login. Second request is the one

Post Login data to URL https://XXXX.es/web/XXXX/inicio?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&_com_liferay_login_web_portlet_LoginPortlet_javax.portlet.action=%2Flogin%2Flogin&_com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName=%2Flogin%2Flogin And I avoid the redirect to obtain the cookies.
I use the session to get my user homepage doint a GET to https://XXXX.es/group/XXX/inicio. With this I should get the HTML file of my homepage, but instead it gives me status code 200 and the default homepage of the web, as if I was not logged in:https://xxxx.es/web/xxxx

This script has worked before in other webpages, but for some reason this one is different.

Additional Information:

If I do the steps on the navigator, login request headers returns same code "302" but with 10 additional cookies, so I guess the issue must be this.

I've tried to add this cookies manualy downloading them in JSON format and then adding to the session variable. But it did not work....

Any help is appreciated!

BR

Thanks, but no helpfull at all. No location received on the headers response. — Daniziz, Aug 15 '23 at 20:36
You don't specify where `$secrets` comes from. `$secrets.pwdbida` needs to be a regular string, not a secure string. — Doug Maurer, Aug 15 '23 at 20:44
Are you getting a 200 OK? You said "it always responds home html". What does this mean? If you are getting a 200 OK than server is accepting the cookies on second request. 200 OK means there is no error. You are sending a post which means your request contains a body and the server is processing the body data. — jdweng, Aug 15 '23 at 20:50
Hi @jdweng , Thanks for the feedback, I've added an EDIT to my question to hopefully clarify the issue. — Daniziz, Aug 15 '23 at 21:17
@doug-maurer `$secrets` is a JSON file with regular strings, no problem with that... — Daniziz, Aug 15 '23 at 21:17
What is wrong? You are getting 200 OK. I think the connection is working the without the logging in because the cookies are being used instead of logging in. When coolies are expired you then need to login. There is nothing wrong when you do not get the cookies JSESSIONID, it just means the cookies are valid. So check for 200 OK and if you are getting 200 than you do not need to check for the cookie. — jdweng, Aug 15 '23 at 21:29
What is wrong Is that I get the same response using cookies or not (200 ok): HTML file from homepage. If the login is really OK, I should get "user" homepage HTML file (Different). `$response = Invoke-WebRequest -Uri "https://xxx.es/group/xxx/inicio" -Method "GET" -WebSession $session -MaximumRedirection 2` has the same behaviour and response as `$response = Invoke-WebRequest -Uri "https://xxx.es/group/xxx/inicio" -Method "GET" -MaximumRedirection 2` We are talking about seconds, so no expiration here for the moment I do second request. — Daniziz, Aug 15 '23 at 21:38

Login Web with Invoke-WebRequest not working

0 Answers0