c#-在IAuthenticationFilter的HttpAuthenticationContext中设置Cookie值
作者:互联网
我需要在WebAPI管道的身份验证步骤中读取/写入cookie.我为此创建了一个自定义过滤器.
为了遵守自托管的概念,访问和向客户端写Cookie的安全方法是什么? Rick Strahl评论说,如果我们使用HttpContext.Current.Response.Cookies.Add(),并且我的应用程序是自托管的,则上下文可能/将不存在.
那么,如何使用HttpAuthenticationContext向客户端写一个cookie,并且仍然是自托管的呢?
解决方法:
HttpAuthenticationContext authContext;
authContext.ActionContext.Response.Headers.AddCookies(/*cookies */);
编辑2
HttpAuthenticationContext authContext;
var myCookie = new CookieHeaderValue("key", "value")
authContext.ActionContext.Response.Headers.Add("Set-Cookie", myCookie.ToString());
编辑
AddCookie是位于System.Net.Http.Formatting.dll(从v5.2.2.0版本开始)中的扩展方法,并且该扩展方法由位于命名空间System.Net.Http中的静态类HttpResponseHeadersExtensions声明.
>如果找不到扩展方法,请尝试找到HttpResponseHeadersExtensions类.
>如果找不到HttpResponseHeadersExtensions类,请尝试升级Web Api 2库.升级每个项目的WebApi2的所有nuget包(对于那些讨厌像我这样讨厌升级nuget包的人)的最有效方法是对术语’version =“ xxx” targetFramework =“ net45的.config文件进行全局搜索/替换. “”(其中xxx是由“ version =“ 5.2.2” targetFramework =“ net45”代替的较旧版本)
>在最坏的情况下,如果老板或妈妈不允许您升级nuget程序包,则始终可以采取反叛态度并反编译包含AddCookie的代码,该代码看起来像这样:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Net.Http.Headers;
using System.Net.Http.Properties;
using System.Web.Http;
namespace System.Net.Http
{
/// <summary> Provides extension methods for the <see cref="T:System.Net.Http.Headers.HttpResponseHeaders" /> class. </summary>
[EditorBrowsable(EditorBrowsableState.Never)]
public static class HttpResponseHeadersExtensions
{
private const string SetCookie = "Set-Cookie";
/// <summary> Adds cookies to a response. Each Set-Cookie header is represented as one <see cref="T:System.Net.Http.Headers.CookieHeaderValue" /> instance. A <see cref="T:System.Net.Http.Headers.CookieHeaderValue" /> contains information about the domain, path, and other cookie information as well as one or more <see cref="T:System.Net.Http.Headers.CookieState" /> instances. Each <see cref="T:System.Net.Http.Headers.CookieState" /> instance contains a cookie name and whatever cookie state is associate with that name. The state is in the form of a <see cref="T:System.Collections.Specialized.NameValueCollection" /> which on the wire is encoded as HTML Form URL-encoded data. This representation allows for multiple related "cookies" to be carried within the same Cookie header while still providing separation between each cookie state. A sample Cookie header is shown below. In this example, there are two <see cref="T:System.Net.Http.Headers.CookieState" /> with names state1 and state2 respectively. Further, each cookie state contains two name/value pairs (name1/value1 and name2/value2) and (name3/value3 and name4/value4). <code> Set-Cookie: state1:name1=value1&amp;name2=value2; state2:name3=value3&amp;name4=value4; domain=domain1; path=path1; </code></summary>
/// <param name="headers">The response headers</param>
/// <param name="cookies">The cookie values to add to the response.</param>
public static void AddCookies(this HttpResponseHeaders headers, IEnumerable<CookieHeaderValue> cookies)
{
if (headers == null)
{
throw Error.ArgumentNull("headers");
}
if (cookies == null)
{
throw Error.ArgumentNull("cookies");
}
foreach (CookieHeaderValue current in cookies)
{
if (current == null)
{
throw Error.Argument("cookies", Resources.CookieNull, new object[0]);
}
headers.TryAddWithoutValidation("Set-Cookie", current.ToString());
}
}
}
}
>最后,当您意识到在webapi2中添加cookie只需用一行代码完成时,您会觉得花了这么多时间来寻找扩展方法有点愚蠢:
headers.TryAddWithoutValidation(“Set-Cookie”, new CookieHeaderValue(“key”, “value”)); //where headers is a HttpResponseHeaders
标签:cookies,asp-net-web-api,c 来源: https://codeday.me/bug/20191120/2044750.html