c# - Setting Cookie values in HttpAuthenticationContext for IAuthenticationFilter -


i have need read/write cookies during authentication step of webapi pipeline. have created custom filter this.

in attempt comply self-hosting concepts, safe way access , write cookies out client? rick strahl commented if use httpcontext.current.response.cookies.add(), , application self-hosted, context may/will not exist.

so how write cookie out client using httpauthenticationcontext , still self-host safe?

httpauthenticationcontext authcontext; authcontext.actioncontext.response.headers.addcookies(/*cookies */); 

edit2

httpauthenticationcontext authcontext; var mycookie = new cookieheadervalue("key", "value") authcontext.actioncontext.response.headers.add("set-cookie", mycookie.tostring()); 

edit

addcookie extension method located in system.net.http.formatting.dll (as of version v5.2.2.0), , extension method declared static class httpresponseheadersextensions, located in namespace system.net.http.

  • if cannot find extension method, try locate httpresponseheadersextensions class.

  • if cannot find httpresponseheadersextensions class, try upgrade web api 2 libraries. efficient way upgrade nuget packages of webapi2 of every projects (for hate upgrading nuget packages me), global search/replace on .config files of term 'version="x.x.x" targetframework="net45"' (where x.x.x older version replaced 'version="5.2.2" targetframework="net45"'

  • in worst case scenario if boss or mom won't let upgrade nuget packages, can adopt rebel attitude , decompile code containing addcookie, appear this:

        using system;     using system.collections.generic;     using system.componentmodel;     using system.net.http.headers;     using system.net.http.properties;     using system.web.http;     namespace system.net.http     {         /// <summary> provides extension methods <see cref="t:system.net.http.headers.httpresponseheaders" /> class. </summary>         [editorbrowsable(editorbrowsablestate.never)]         public static class httpresponseheadersextensions         {             private const string setcookie = "set-cookie";             /// <summary> adds cookies response. each set-cookie header  represented 1 <see cref="t:system.net.http.headers.cookieheadervalue" /> instance. <see cref="t:system.net.http.headers.cookieheadervalue" /> contains information domain, path, , other cookie information 1 or more <see cref="t:system.net.http.headers.cookiestate" /> instances. each <see cref="t:system.net.http.headers.cookiestate" /> instance contains cookie name , whatever cookie state associate name. state in form of  <see cref="t:system.collections.specialized.namevaluecollection" /> on wire encoded html form url-encoded data.  representation allows multiple related "cookies" carried within same cookie header while still providing separation between each cookie state. sample cookie header shown below. in example, there 2 <see cref="t:system.net.http.headers.cookiestate" /> names state1 , state2 respectively. further, each cookie state contains 2 name/value pairs (name1/value1 , name2/value2) , (name3/value3 , name4/value4). &lt;code&gt; set-cookie: state1:name1=value1&amp;amp;name2=value2; state2:name3=value3&amp;amp;name4=value4; domain=domain1; path=path1; &lt;/code&gt;</summary>             /// <param name="headers">the response headers</param>             /// <param name="cookies">the cookie values add response.</param>             public static void addcookies(this httpresponseheaders headers, ienumerable<cookieheadervalue> cookies)             {                 if (headers == null)                 {                     throw error.argumentnull("headers");                 }                 if (cookies == null)                 {                     throw error.argumentnull("cookies");                 }                 foreach (cookieheadervalue current in cookies)                 {                     if (current == null)                     {                         throw error.argument("cookies", resources.cookienull, new object[0]);                     }                     headers.tryaddwithoutvalidation("set-cookie", current.tostring());                 }             }         }     } 
    • in end feel little stupid spending time looking extension method, when realize adding cookie in webapi2 done in line of code:

headers.tryaddwithoutvalidation("set-cookie", new cookieheadervalue("key", "value")); //where headers httpresponseheaders


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -