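I need to read/write cookies during the authentication step of the WebAPI pipeline. I have created a custom filter for this.
In keeping with the self-hosting concept, what is a safe way to access cookies and write them to the client? Rick Strahl commented that if we use HttpContext.Current.Response.Cookies.Add(), and my application is self-hosted, the context may/will not exist.
So how do I use HttpAuthenticationContext to write a cookie to the client and still be self-host safe?
Best answer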
HttpAuthenticationContext authContext;
authContext.ActionContext.Response.Headers.AddCookies(/*cookies */);
edit2
HttpAuthenticationContext authContext;
var myCookie = new CookieHeaderValue("key", "value");
authContext.ActionContext.Response.Headers.Add("Set-Cookie", myCookie.ToString());
Edit
AddCookies is an extension method located in System.Net.Http.Formatting.dll (as of v5.2.2.0); it is declared by the static class HttpResponseHeadersExtensions in the System.Net.Http namespace.
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Net.Http.Headers;
using System.Net.Http.Properties;
using System.Web.Http;
namespace System.Net.Http
{
    /// <summary> Provides extension methods for the <see cref="T:System.Net.Http.Headers.HttpResponseHeaders" /> class. </summary>
    [EditorBrowsable(EditorBrowsableState.Never)]
    public static class HttpResponseHeadersExtensions
    {
        private const string SetCookie = "Set-Cookie";
        /// <summary> Adds cookies to a response. Each Set-Cookie header is represented as one <see cref="T:System.Net.Http.Headers.CookieHeaderValue" /> instance. A <see cref="T:System.Net.Http.Headers.CookieHeaderValue" /> contains information about the domain, path, and other cookie information as well as one or more <see cref="T:System.Net.Http.Headers.CookieState" /> instances. Each <see cref="T:System.Net.Http.Headers.CookieState" /> instance contains a cookie name and whatever cookie state is associate with that name. The state is in the form of a <see cref="T:System.Collections.Specialized.NameValueCollection" /> which on the wire is encoded as HTML Form URL-encoded data. This representation allows for multiple related "cookies" to be carried within the same Cookie header while still providing separation between each cookie state. A sample Cookie header is shown below. In this example, there are two <see cref="T:System.Net.Http.Headers.CookieState" /> with names state1 and state2 respectively. Further, each cookie state contains two name/value pairs (name1/value1 and name2/value2) and (name3/value3 and name4/value4). <code> Set-Cookie: state1:name1=value1&amp;name2=value2; state2:name3=value3&amp;name4=value4; domain=domain1; path=path1; </code></summary>
        /// <param name="headers">The response headers</param>
        /// <param name="cookies">The cookie values to add to the response.</param>
        public static void AddCookies(this HttpResponseHeaders headers, IEnumerable<CookieHeaderValue> cookies)
        {
            if (headers == null)
            {
                throw Error.ArgumentNull("headers");
            }
            if (cookies == null)
            {
                throw Error.ArgumentNull("cookies");
            }
            foreach (CookieHeaderValue current in cookies)
            {
                if (current == null)
                {
                    throw Error.Argument("cookies", Resources.CookieNull, new object[0]);
                }
                headers.TryAddWithoutValidation("Set-Cookie", current.ToString());
            }
        }
    }
}
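The following is an added example, not code from the question, the answer, or the Web API project: one way to issue the cookie from an IAuthenticationFilter without HttpContext.Current, by wrapping the action result in ChallengeAsync so the Set-Cookie header is added once the response message exists. The names SessionCookieFilter and SetCookieResult and the cookie name "session" are assumptions, and the random value is a constructed placeholder for whatever the application stores.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Filters;

// Added example: class names and the "session" cookie name are assumptions.
public class SessionCookieFilter : Attribute, IAuthenticationFilter
{
    private const string Name = "session";
    public bool AllowMultiple { get { return false; } }
    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken ct)
    {
        // Cookies are read from the request message, so HttpContext.Current is not needed.
        if (context.Request.Headers.GetCookies(Name).Count == 0)
        {
            // The response is not built yet; record a constructed random value to issue later.
            var bytes = new byte[32];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
            context.Request.Properties[Name] = BitConverter.ToString(bytes).Replace("-", "");
        }
        return Task.FromResult(0);
    }
    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken ct)
    {
        object value;
        // HttpOnly keeps the value away from script; Secure restricts it to HTTPS.
        if (context.Request.Properties.TryGetValue(Name, out value))
            context.Result = new SetCookieResult(context.Result,
                new CookieHeaderValue(Name, (string)value) { HttpOnly = true, Secure = true, Path = "/" });
        return Task.FromResult(0);
    }
}

// Wraps the inner result and appends Set-Cookie once the response message exists.
public class SetCookieResult : IHttpActionResult
{
    private readonly IHttpActionResult _inner;
    private readonly CookieHeaderValue _cookie;
    public SetCookieResult(IHttpActionResult inner, CookieHeaderValue cookie) { _inner = inner; _cookie = cookie; }
    public async Task<HttpResponseMessage> ExecuteAsync(CancellationToken ct)
    {
        HttpResponseMessage response = await _inner.ExecuteAsync(ct);
        response.Headers.AddCookies(new[] { _cookie });
        return response;
    }
}
```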
Regarding c# - Setting cookie values in HttpAuthenticationContext for IAuthenticationFilter, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/29378822/