c# - Setting Cookie values in HttpAuthenticationContext for IAuthenticationFilter -
i have need read/write cookies during authentication step of webapi pipeline. have created custom filter this.
in attempt comply self-hosting concepts, safe way access , write cookies out client? rick strahl commented if use httpcontext.current.response.cookies.add()
, , application self-hosted, context may/will not exist.
so how write cookie out client using httpauthenticationcontext
, still self-host safe?
httpauthenticationcontext authcontext; authcontext.actioncontext.response.headers.addcookies(/*cookies */);
edit2
httpauthenticationcontext authcontext; var mycookie = new cookieheadervalue("key", "value") authcontext.actioncontext.response.headers.add("set-cookie", mycookie.tostring());
edit
addcookie extension method located in system.net.http.formatting.dll (as of version v5.2.2.0), , extension method declared static class httpresponseheadersextensions, located in namespace system.net.http.
if cannot find extension method, try locate httpresponseheadersextensions class.
if cannot find httpresponseheadersextensions class, try upgrade web api 2 libraries. efficient way upgrade nuget packages of webapi2 of every projects (for hate upgrading nuget packages me), global search/replace on .config files of term 'version="x.x.x" targetframework="net45"' (where x.x.x older version replaced 'version="5.2.2" targetframework="net45"'
in worst case scenario if boss or mom won't let upgrade nuget packages, can adopt rebel attitude , decompile code containing addcookie, appear this:
using system; using system.collections.generic; using system.componentmodel; using system.net.http.headers; using system.net.http.properties; using system.web.http; namespace system.net.http { /// <summary> provides extension methods <see cref="t:system.net.http.headers.httpresponseheaders" /> class. </summary> [editorbrowsable(editorbrowsablestate.never)] public static class httpresponseheadersextensions { private const string setcookie = "set-cookie"; /// <summary> adds cookies response. each set-cookie header represented 1 <see cref="t:system.net.http.headers.cookieheadervalue" /> instance. <see cref="t:system.net.http.headers.cookieheadervalue" /> contains information domain, path, , other cookie information 1 or more <see cref="t:system.net.http.headers.cookiestate" /> instances. each <see cref="t:system.net.http.headers.cookiestate" /> instance contains cookie name , whatever cookie state associate name. state in form of <see cref="t:system.collections.specialized.namevaluecollection" /> on wire encoded html form url-encoded data. representation allows multiple related "cookies" carried within same cookie header while still providing separation between each cookie state. sample cookie header shown below. in example, there 2 <see cref="t:system.net.http.headers.cookiestate" /> names state1 , state2 respectively. further, each cookie state contains 2 name/value pairs (name1/value1 , name2/value2) , (name3/value3 , name4/value4). <code> set-cookie: state1:name1=value1&amp;name2=value2; state2:name3=value3&amp;name4=value4; domain=domain1; path=path1; </code></summary> /// <param name="headers">the response headers</param> /// <param name="cookies">the cookie values add response.</param> public static void addcookies(this httpresponseheaders headers, ienumerable<cookieheadervalue> cookies) { if (headers == null) { throw error.argumentnull("headers"); } if (cookies == null) { throw error.argumentnull("cookies"); } foreach (cookieheadervalue current in cookies) { if (current == null) { throw error.argument("cookies", resources.cookienull, new object[0]); } headers.tryaddwithoutvalidation("set-cookie", current.tostring()); } } } }
- in end feel little stupid spending time looking extension method, when realize adding cookie in webapi2 done in line of code:
headers.tryaddwithoutvalidation("set-cookie", new cookieheadervalue("key", "value")); //where headers httpresponseheaders
Comments
Post a Comment