I would like to create a demo login service in web api and need to set a cookie on the response. How do I do that? Or are there any better way to do authorization?
Asked
Active
Viewed 3.4k times
18
-
It doesn't look like you can set a cookie on HttpResponseMessage. Have a look at this thread, maybe it will help http://stackoverflow.com/questions/5463431/setting-cookies-within-a-wcf-service – James Hay Mar 20 '12 at 19:37
2 Answers
26
Add a reference to System.Net.Http.Formatting.dll and use the AddCookies extension method defined in the HttpResponseHeadersExtensions class.
Here is a blog post describing this approach, and the MSDN topic.
If that assembly isn't an option for you, here's my older answer from before this was an option:
Older answer follows
I prefer an approach that stays within the realm of HttpResponseMessage without bleeding into the HttpContext which isn't as unit testable and does not always apply depending on the host:
/// <summary>
/// Adds a Set-Cookie HTTP header for the specified cookie.
/// WARNING: support for cookie properties is currently VERY LIMITED.
/// </summary>
internal static void SetCookie(this HttpResponseHeaders headers, Cookie cookie) {
Requires.NotNull(headers, "headers");
Requires.NotNull(cookie, "cookie");
var cookieBuilder = new StringBuilder(HttpUtility.UrlEncode(cookie.Name) + "=" + HttpUtility.UrlEncode(cookie.Value));
if (cookie.HttpOnly) {
cookieBuilder.Append("; HttpOnly");
}
if (cookie.Secure) {
cookieBuilder.Append("; Secure");
}
headers.Add("Set-Cookie", cookieBuilder.ToString());
}
Then you can include a cookie in the response like this:
HttpResponseMessage response;
response.Headers.SetCookie(new Cookie("name", "value"));
ruffin
- 16,507
- 9
- 88
- 138
Andrew Arnott
- 80,040
- 26
- 132
- 171
-
I agree, this looks like a better alternative. Changed the accepted answers to guide users in the future. – Tomas Jansson Jan 14 '13 at 06:49
-
Is it possible that this is no longer an answer? The only way I've found this dll is through Nuget and it explicitly states that it is for WebApi.Client higher than 2.0 and lower than 2.1, so this answer was for WebApi 2. We're now with ASP.NET 4 and I cannot find this dll anymore. – Isaac Llopis Sep 24 '13 at 14:28
-
@IsaacLlopis I guess they moved it from the extension dll to the core. – Csaba Toth Jun 12 '14 at 20:10
-
-
@crush I am using .NET 4.5.2, and it's in `Assembly System.Net.Http.Formatting, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`, `namespace System.Net.Http`, `public static class HttpResponseHeadersExtensions`. – Alexander Jun 10 '16 at 08:04
-
For asp.net core developer, need to modify using this http://stackoverflow.com/a/39317243/900284 – Frank Myat Thu Dec 26 '16 at 06:50
9
You can add the cookie to the HttpContext.Current.Response.Cookies collection.
var cookie = new HttpCookie("MyCookie", DateTime.Now.ToLongTimeString());
HttpContext.Current.Response.Cookies.Add(cookie);
Maurice
- 27,582
- 5
- 49
- 62
-
Thank you, exactly what I wanted and should have thought of myself. But actually expected that to be available on the `HttpResponseMessage`. – Tomas Jansson Mar 20 '12 at 20:08
-
That was my first guess as well but for some reason it isn't. That certainly would have been better for test-ability. – Maurice Mar 20 '12 at 20:13
-
25This answer goes against the way in which WebAPI should be used. You should not be referencing HttpContext.Current from WebAPI as this will not exist if you self host. The beta bits were missing loads of helper utilities like this. The RC added an AddCookies() extension method to HttpResponseMessage.Headers which you should use instead. – Andrew Jul 09 '12 at 09:04
-
1@Andrew Good point and using the AddCookies() is certainly better. At the time it wasn't around though. – Maurice Jul 09 '12 at 12:33
-
1Andrew is right: in addition to it being against convention, using HttpContext to set the cookie does not work for me in a WebAPI Controller – Danny R Nov 04 '14 at 15:50
-
@Andrew I can't seem to find AddCookies() on HttpResponseMessage.Headers – crush Jun 20 '15 at 01:25