I have a Web.Api service which has a method that accepts a custom class and returns another custom class:
public class TestController : ApiController { public CustomResponse Post([FromBody]CustomRequest request) { // process request ... // create response CustomResponse resp = new CustomResponse() { ... }; return resp; } }
Now I want to also send a cookie back as part of the Http response. How can I do that?
Use the RequestHeader action filtering by "cookie" to get your cookie and do a List append to the header so you can send it in the call you are doing.
To send cookies to the server, you need to add the "Cookie: name=value" header to your request. To send multiple Cookies in one cookie header, you can separate them with semicolons. In this Send Cookies example, we are sending HTTP cookies to the ReqBin echo URL.
To set a cookie in REST API response, get the Response reference and use it's cookie() method.
Cookies in Web API. To add a cookie to an HTTP response, create a CookieHeaderValue instance that represents the cookie. Then call the AddCookies extension method, which is defined in the System.Net.Http.
There are better alternatives for Web API security such as Json Web Tokens (JWT) that you can use instead of cookie authentication. However, if for some reason you want to implement cookie authentication for Web API you can use the technique illustrated in the remainder of this article.
If you are building a web application then you probably have reached the point where there’s the need to implement cookies. If you haven’t, you will! This article is accompanied by a working code example on GitHub .
The client sends a request to the server with the user’s credentials. The server authenticates the user, creates a cookie with a user id encoded, and sets it in the response header. The header Set-Cookie in the HTTP response would look like this: Once the browser gets the cookie, it can send the cookie back to the server.
I managed to do this by combining information from a few different locations. First, in order to easily be able to send cookies in the response, the Web.Api controller should return an instance of the System.Net.Http.HttpResponseMessage
class (link):
public class TestController : ApiController { public HttpResponseMessage Post([FromBody]CustomRequest request) { var resp = new HttpResponseMessage(); ... //create and set cookie in response var cookie = new CookieHeaderValue("customCookie", "cookieVal"); cookie.Expires = DateTimeOffset.Now.AddDays(1); cookie.Domain = Request.RequestUri.Host; cookie.Path = "/"; resp.Headers.AddCookies(new CookieHeaderValue[] { cookie }); return resp; } }
But then how do I make sure that I can easily ALSO send back the CustomResponse
?
The trick is in the answer to this question. Use the Request.CreateResponse<T>
method on the request object. The whole deal then becomes:
public class TestController : ApiController { public HttpResponseMessage Post([FromBody]CustomRequest request) { // process request ... var resp = Request.CreateResponse<CustomResponse>( HttpStatusCode.OK, new CustomResponse() { ... } ); //create and set cookie in response var cookie = new CookieHeaderValue("customCookie", "cookieVal"); cookie.Expires = DateTimeOffset.Now.AddDays(1); cookie.Domain = Request.RequestUri.Host; cookie.Path = "/"; resp.Headers.AddCookies(new CookieHeaderValue[] { cookie }); return resp; } }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With