
Fake __EVENTVALIDATION in Microsoft Ajax


I am in the process of making a mobile app for a website to view your schedule. They don't provide any API and have no intention to make one.

The website can only function with Ajax; however, to fake these requests and scrape the website I need to fake the __EVENTVALIDATION post field.

I have no control whatsoever over the website and I have never built anything using ASP.NET or Microsoft Ajax.

Has anyone done this?

I have found that the __EVENTVALIDATION field has this pattern (... symbolises bytes changed depending on the request, hexdump of the base64 decoded version):

d8 01 16 13 02 4f 0a
...
f6 e0 84 d4 05 02 a0 3f
e2 3f 03 02 3f d8 d1 d5 0c 02 bb 82 cf ec 08 02
b4 b5 99 f8 0b 02 3f 89 3f eb 04 02 d5 83 90 88
0a 02 8a db 94 90 03 02 8b cf 3f 85 08 02 93 3f
b1 3f 06 02 9b 3f 8f a5 02 02 b5 b4 af 85 01 02
d1 fc ae 9c 0e 02 b4 e2 94 9e 0a 02 3f e2 94 9e
0a 02 3f e2 94 9e 0a 02 bb 92 80 a5 06
...                                  

Solution

  • I've dealt with this problem before in building scrapers for ASP.NET sites. You need to request the initial page that the browser user would ordinarily land on, extract the __VIEWSTATE and __EVENTVALIDATION hashes, then use these in making the second request for the data which you actually need.

    For example, if you're scraping the response from a form submission:

    1. make an AJAX request for the page that the form is on
    2. extract the viewstate and event validation hashes from the response
    3. make a new AJAX request that simulates form submission, passing the hashes as parameters

    If you're looking for JavaScript functions to extract the hashes from markup, I've published the ones I use as ms-viewstate on GitHub.
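
The three steps from the answer above, as an added example that is not part of the original answer or of the ms-viewstate project: it extracts the hidden fields from a landing page, builds the postback body, and, going one step beyond the answer, reads the refreshed tokens from a Microsoft Ajax partial response. All markup, control names (`ctl00$week`, `ctl00$next`, `ctl00_up`) and token values are constructed, and the function names are hypothetical.

```javascript
// Added example. Field names follow ASP.NET WebForms conventions; the markup,
// control names and token values are constructed for illustration.
const SAMPLE_PAGE = `<form method="post" id="form1">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKc2FtcGxlVlM=" />
<input value="/wEWAgKc2FtcGxlRVY+" type="hidden" name="__EVENTVALIDATION" />
<input type="text" name="ctl00$week" value="12" /></form>`;
// Constructed partial (UpdatePanel) response: "length|type|id|content|" records.
const rec = (type, id, content) => `${content.length}|${type}|${id}|${content}|`;
const SAMPLE_DELTA = rec("#", "", "4") + rec("updatePanel", "ctl00_up", "<b>Mon|Tue</b>") +
  rec("hiddenField", "__VIEWSTATE", "/wEPDwUKbmV4dFZT") +
  rec("hiddenField", "__EVENTVALIDATION", "/wEWAgKbmV4dEVW+");

// Step 2: collect hidden <input> values, whatever order the attributes come in.
function extractHiddenFields(html) {
  const fields = {};
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const attr = (n) => {
      const m = tag.match(new RegExp(`\\s${n}\\s*=\\s*"([^"]*)"`, "i"));
      return m ? m[1].replace(/&quot;/g, '"').replace(/&amp;/g, "&") : null;
    };
    if ((attr("type") || "").toLowerCase() === "hidden" && attr("name")) {
      fields[attr("name")] = attr("value") || "";
    }
  }
  return fields;
}

// Step 3: send the server-issued tokens back unchanged. URLSearchParams
// percent-encodes "+", "/" and "=", which base64 values need in a form body.
function buildPostbackBody(hidden, eventTarget, formValues) {
  return new URLSearchParams({
    __EVENTTARGET: eventTarget, __EVENTARGUMENT: "", ...hidden, ...formValues,
  }).toString();
}

// Later requests: read refreshed tokens from the partial response. Records are
// length-prefixed because the content itself may contain "|".
function parseDeltaHiddenFields(text) {
  const hidden = {};
  for (let pos = 0; pos < text.length; ) {
    const p1 = text.indexOf("|", pos);
    const p2 = text.indexOf("|", p1 + 1);
    const p3 = text.indexOf("|", p2 + 1);
    const len = Number(text.slice(pos, p1));
    if (p1 < 0 || p2 < 0 || p3 < 0 || !Number.isInteger(len)) break;
    if (text.slice(p1 + 1, p2) === "hiddenField") {
      hidden[text.slice(p2 + 1, p3)] = text.slice(p3 + 1, p3 + 1 + len);
    }
    pos = p3 + len + 2; // skip the content and its trailing "|"
  }
  return hidden;
}
```

The tokens are opaque to the client: each request reuses the values the server issued most recently, so the values from `parseDeltaHiddenFields` replace those from the landing page on the next postback.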