0

I have built small example with asp.net web api. I create a api for authentication. I try to use set-cookie response header when user logged in successful. But in next request, i can't find cookie in header. Can anybody help me? Thanks a lot!!!

        if (repository.CheckValidUser(user))
        {
            var resp = new HttpResponseMessage();

            var cookie = new CookieHeaderValue("Authorization-Token", RSAClass.Encrypt(user.Username));
            cookie.Expires = DateTimeOffset.Now.AddDays(1);
            cookie.Domain = Request.RequestUri.Host;
            cookie.Path = "/";

            resp.Headers.AddCookies(new CookieHeaderValue[] { cookie });
            return resp;
        }
        else
        {
            throw new HttpResponseException(new HttpResponseMessage() { StatusCode = HttpStatusCode.Unauthorized, Content = new StringContent("Invalid user name or password.") });
        }

I have some photos about my request

authen request

next request

Improve this question

1 Answer 1

Reset to default
3

You should create a DelegatingHanlder to persist cookies, for exemple:

public class MyCookieHandle : DelegatingHandler
{
    async protected override Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request, CancellationToken cancellationToken)
    {
        //
        //  Other code for retrieve user information
        //
        var cookie = request.Headers.GetCookies("Authorization-Token").FirstOrDefault();

        if (cookie == null)
        {
            cookie = new CookieHeaderValue("Authorization-Token", RSAClass.Encrypt(user.Username));
            cookie.Expires = DateTimeOffset.Now.AddDays(1);
            cookie.Domain = request.RequestUri.Host;
            cookie.Path = "/";
        }

        HttpResponseMessage resp = await base.SendAsync(request, cancellationToken);
        resp.Headers.AddCookies(new CookieHeaderValue[] { cookie });

        return resp;
    }
}

There's more information here: HTTP Cookies in ASP.NET Web API

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Wow, i will try it. Thank you so much. I waste 2 hours for this problem. Thank you.
But why i can't use set-cookie header in controller? Can you explain this for me? Thank you!
You can, but you must persist every cookie for request, or It will be lost, given that you are dealing with Wep API that handle directly HTTP Resquest / Response

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.