20

I would like to create a demo login service in Web API and need to set a cookie on the response. How do I do that? Or is there any better way to do authorization?

2 Answers

27

Add a reference to System.Net.Http.Formatting.dll and use the AddCookies extension method defined in the HttpResponseHeadersExtensions class.

Here is a blog post describing this approach, and the MSDN topic.

If that assembly isn't an option for you, here's my older answer from before this was an option:

Older answer follows

I prefer an approach that stays within the realm of HttpResponseMessage without bleeding into the HttpContext, which isn't as unit testable and does not always apply depending on the host:

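    using System.Net;                 // Cookie
    using System.Net.Http.Headers;    // HttpResponseHeaders
    using System.Text;                // StringBuilder
    using System.Web;                 // HttpUtility

    // Extension method: it must be declared inside a static class.
    // Requires.NotNull is an argument-validation helper that is not defined in this answer.

    /// <summary>
    /// Adds a Set-Cookie HTTP header for the specified cookie.
    /// WARNING: support for cookie properties is currently VERY LIMITED.
    /// </summary>
    internal static void SetCookie(this HttpResponseHeaders headers, Cookie cookie)
    {
        Requires.NotNull(headers, "headers");
        Requires.NotNull(cookie, "cookie");

        // Name and value are URL-encoded; only HttpOnly and Secure are carried over.
        var cookieBuilder = new StringBuilder(
            HttpUtility.UrlEncode(cookie.Name) + "=" + HttpUtility.UrlEncode(cookie.Value));
        if (cookie.HttpOnly)
        {
            cookieBuilder.Append("; HttpOnly");
        }

        if (cookie.Secure)
        {
            cookieBuilder.Append("; Secure");
        }

        headers.Add("Set-Cookie", cookieBuilder.ToString());
    }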

Then you can include a cookie in the response like this:

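    // Requires System.Net (HttpStatusCode) and System.Net.Http (HttpResponseMessage).
    var response = new HttpResponseMessage(HttpStatusCode.OK);
    response.Headers.SetCookie(new Cookie("name", "value"));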

6 Comments

I agree, this looks like a better alternative. Changed the accepted answers to guide users in the future.
Is it possible that this is no longer an answer? The only way I've found this dll is through Nuget and it explicitly states that it is for WebApi.Client higher than 2.0 and lower than 2.1, so this answer was for WebApi 2. We're now with ASP.NET 4 and I cannot find this dll anymore.
@IsaacLlopis I guess they moved it from the extension dll to the core.
@CsabaToth It doesn't seem to be available for me. Which DLL is it in?
@crush I am using .NET 4.5.2, and it's in Assembly System.Net.Http.Formatting, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, namespace System.Net.Http, public static class HttpResponseHeadersExtensions.
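
An added example (not code from either answer or from the ASP.NET project) that applies the `AddCookies` approach to the demo login service from the question, with the `HttpOnly` and `Secure` attributes set on the cookie. The `LoginController` and `LoginRequest` classes, the `demo-session` cookie name, the in-memory session store and the credential check are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Web.Http;

public class LoginRequest { public string User { get; set; } public string Password { get; set; } }
// Hypothetical demo controller: class, cookie name and credential check are assumptions.
public class LoginController : ApiController
{
    private const string CookieName = "demo-session";
    // token -> user name; in-memory demo store, entries are never purged here.
    private static readonly ConcurrentDictionary<string, string> Sessions =
        new ConcurrentDictionary<string, string>();

    public HttpResponseMessage Post([FromBody] LoginRequest login)
    {
        if (login == null || !CheckCredentials(login.User, login.Password))
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        // The cookie carries only an opaque random token; identity stays server-side.
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = BitConverter.ToString(bytes).Replace("-", "");
        Sessions[token] = login.User;
        var cookie = new CookieHeaderValue(CookieName, token)
        {
            HttpOnly = true,   // not readable from page script
            Secure = true,     // only sent over HTTPS
            Path = "/",
            Expires = DateTimeOffset.UtcNow.AddMinutes(20)
        };
        var response = Request.CreateResponse(HttpStatusCode.OK);
        response.Headers.AddCookies(new[] { cookie });
        return response;
    }

    public HttpResponseMessage Get()
    {
        var state = Request.Headers.GetCookies(CookieName).FirstOrDefault();
        string user;
        return state != null && Sessions.TryGetValue(state[CookieName].Value, out user)
            ? Request.CreateResponse(HttpStatusCode.OK, user)
            : Request.CreateResponse(HttpStatusCode.Unauthorized);
    }
    // Placeholder credential check for the demo only.
    private static bool CheckCredentials(string u, string p) { return u == "demo" && p == "demo"; }
}
```

The `Expires` value only tells the browser when to drop the cookie; a real service would also expire the entry in the server-side store.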
9

You can add the cookie to the HttpContext.Current.Response.Cookies collection.

    var cookie = new HttpCookie("MyCookie", DateTime.Now.ToLongTimeString());
    HttpContext.Current.Response.Cookies.Add(cookie);

6 Comments

Thank you, exactly what I wanted and should have thought of myself. But actually expected that to be available on the HttpResponseMessage.
That was my first guess as well but for some reason it isn't. That certainly would have been better for testability.
This answer goes against the way in which WebAPI should be used. You should not be referencing HttpContext.Current from WebAPI as this will not exist if you self host. The beta bits were missing loads of helper utilities like this. The RC added an AddCookies() extension method to HttpResponseMessage.Headers which you should use instead.
@Andrew Good point and using the AddCookies() is certainly better. At the time it wasn't around though.
Andrew is right: in addition to it being against convention, using HttpContext to set the cookie does not work for me in a WebAPI Controller.
