Web API - 如何使用身份验证请求设置 cookie

Question

我已经用 asp.net web api 构建了一个小例子。我创建了一个用于身份验证的 api。当用户成功登录时，我尝试使用 set-cookie 响应标头。但是在下一个请求中，我在标头中找不到 cookie。有谁能够帮我？非常感谢！！！

        if (repository.CheckValidUser(user))
        {
            var resp = new HttpResponseMessage();

            var cookie = new CookieHeaderValue("Authorization-Token", RSAClass.Encrypt(user.Username));
            cookie.Expires = DateTimeOffset.Now.AddDays(1);
            cookie.Domain = Request.RequestUri.Host;
            cookie.Path = "/";

            resp.Headers.AddCookies(new CookieHeaderValue[] { cookie });
            return resp;
        }
        else
        {
            throw new HttpResponseException(new HttpResponseMessage() { StatusCode = HttpStatusCode.Unauthorized, Content = new StringContent("Invalid user name or password.") });
        }

我有一些关于我的请求的照片

Answer 1

您应该创建一个 DelegatingHanlder 来保存 cookie，例如：

public class MyCookieHandle : DelegatingHandler
{
    async protected override Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request, CancellationToken cancellationToken)
    {
        //
        //  Other code for retrieve user information
        //
        var cookie = request.Headers.GetCookies("Authorization-Token").FirstOrDefault();

        if (cookie == null)
        {
            cookie = new CookieHeaderValue("Authorization-Token", RSAClass.Encrypt(user.Username));
            cookie.Expires = DateTimeOffset.Now.AddDays(1);
            cookie.Domain = request.RequestUri.Host;
            cookie.Path = "/";
        }

        HttpResponseMessage resp = await base.SendAsync(request, cancellationToken);
        resp.Headers.AddCookies(new CookieHeaderValue[] { cookie });

        return resp;
    }
}

这里有更多信息：HTTP Cookies in ASP.NET Web API