View Single Post
  #4 (permalink)  
Old October 21st, 2008, 08:48 PM
Old Pedant Old Pedant is offline
Friend of Wrox
 
Join Date: Jun 2008
Location: Snohomish, WA, USA
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts
Default

Jason is way off on this one, and I don't think Planoie really explained what the problem is.

But first of all, I have to say that this project *FEELS* like an attempt at identity theft. Why would you want to act as an intermediary between a user and Yahoo??? Why would anybody TRUST you to act as an intermediary?? After all, you would be able to capture their usernames and passwords and all other personal info. You wouldn't catch me using your site.

If this *is* an identity theft attempt, then I'm happy to say I don't think you will succeed. But even if you have legit reasons for this, I don't think you will succeed. Here's why:

****************************************

When you access the Yahoo email site in your browser, Yahoo utilizes cookies and scripting to control the page and (as Planoie noted) get access to your email data. It detects whether or not JavaScript is enabled by one of several simple means. (A simple example: It uses JS to set the value of some form field and then has a meta-refresh that submits the form. If it doesn't see the expected value in the form field, it knows that JS didn't set the value, and so it gives you that message. I can think of a handful of other ways to make such a check.)

When you use HttpWebRequest to hit the Yahoo site, there is no possible way that you can simulate the actions of JavaScript in the browser. (Well, it *COULD* be done, but you'd need to be a major expert in browser and web technology to pull it off.) Further, unless your request passes along all the cookies and User Agent String info that Yahoo expects, your request will fall flat on its face.

In short, I think this whole experiment is doomed to failure from the start. The fact that you had to ask the question in this forum tells me that you aren't somebody with the expertise to pull of a browser simulation and thus fool Yahoo.

Just as a point of reference: I consider myself *somewhat* knowledgable in this area. Example: I know all the components of a User Agent String, and I know what form a cookie must have, I know how to parse JavaScript, though I couldn't emulate it, and more. *I* would not tackle this project, because I think it could easily eat up a few MONTHS of my time.

*****************

If all you want to do is give your users a spot on your page where they can view their Yahoo mail, then there is an easy answer. Just use an <IFRAME> or <FRAME> and load Yahoo into it. (Of course, Yahoo might have some frame-busting protection built in, so that wouldn't work. Dunno.)