I've added a custom header X-XSRF-TOKEN and when a user logs out I want to be able to remove that header from future requests sent by the browser.
In the logout web api action I can modify the header like so:
Request.GetOwinContext().Response.Headers.Append("X-XSRF-TOKEN", "ModifiedToken");
On future requests it now sends requests with the X-XSRF-TOKEN with the value ModifiedToken. Is there a way I can remove it instead. With cookies you can expire them.
If I call the remove function on the Request or Response headers, on the next request to the server the header is still present:
Request.GetOwinContext().Response.Headers.Remove("X-XSRF-TOKEN");
or
Request.GetOwinContext().Request.Headers.Remove("X-XSRF-TOKEN");
Is it even possible to do this or even guarantee the browser will actually stop sending the header?
Try This.
Request.GetOwinContext().Response.Headers.Append("NULL", "ModifiedToken");
Note - I am not sure it will work or not. But you can try this one as well.
Related
I have .net core project and add stackify prefix to monitor requests, but in response prefix show only headers but not body of response. It is possible to see all response body?
On prefix site I found information:
It can capture incoming post data, it can also capture the response and the response headers and part of the response body. Right now, we limit that to only be a certain amount of characters so if it’s returning something larger, it won’t capture all of it.
It is possible to change this?
There is not a way to change this at the moment if the response body is too large it will not show up in the traces.
Stackify has an Ideas portal that you can make suggested changes to, their COO gets notified when a new request has been made and when a request has been up voted by several clients. He takes each request into good consideration and arranges them into Stackify's road map. Also you can subscribe to the ideas to keep updated on its progress.
https://ideas.stackify.com
In an action method I want to redirect to a third party url. They collect some info from custom headers.
I have understood that I can not redirect the user, for example:
return RedirectResult(some url);
since the browser will not reattach my custom headers..
How do I do this? Is this a wrong approach?
They collect some info from custom headers.
So you can't redirect. You need to read their documentation. You're most likely expected to do an HTTP request to their server and show the user the response.
I am adding multiple custom headers in my HttpResponse and on the next request from the browser for the page, I want to read those custom headers and determine if I need to send a 304 response to the browser.
I added the custom headers using Response.AddHeader but on the next request from the browser, the custom headers were not sent.
The browser did recieve the custom headers in the response stream but did not send them on the subsequent request.
I'm expecting the headers since I need to read them on the first request and not on post requests.
NOTE: I don't want to use cookies since I don't want to increase payload. I don't want to use sessions since I don't want to burden the server. My aim to decrease processing in the server as much as possible. As I've mentioned in my comment, I read about ETags and I'm hoping the technique that's used in ETags could be used for custom headers.
There are other ways of of passing information between requests. See this discussion.
You can also use session variables.
I have learned to use http request (create and Getresponse) methods to get the header and content of a link.
Problem is that, it is not the link that I want, that I get as http response.
There is an authentication page that comes instead. Only when I click the accept button, do I reach the page I want.
So the header and content that I actually get is of the authentication page.
Is there a way I can use this header and content to create ones more http request to get the page that I want?
I need to click the accept button in the background.
Thanks.
I'd recommend using Fiddler to capture the interaction with the site using a browser. You can then use the Fiddler output as a guide for replicating the same functionality using your code.
If the site is keeping track of whether or not each user has clicked the Accept button on a per-session basis you'll need to replicate that, probably with an HTTP POST. You'll be able to see how to construct that POST, if relevant, from the Fiddler output.
I'm on IIS 6 and I have an ASP.Net 4.0 site that's a single page to serve as a SOAP reverse proxy. I have to modify the return content in order to delete a trouble node from the response and add a tracking node.
In order to facilitate its function as a reverse proxy for all addresses, I have the 404 on the server set to a custom "URL" of "/default.aspx" (the page for my app)
For requests without a payload, it works perfectly - such as for ?WSDL Urls. It requests the proper URL from the target system, gets the response and sends it back - it's pretty utterly transparent in this regard.
However, when a SOAP request is being made with an input payload, the Request.InputStream in the code is always empty. Empty - with one exception - using SOAPUI, I can override the end point and send the request directly to /default.aspx and it will receive the input payload. Thus, I have determined that the custom 404 handler is - when server-side transferring the request - stripping the payload. I know the payload is being sent - I have even wiresharked it on the server to be sure. But then when I add code to log the contents of Request.InputStream it's blank - even though Request.ContentLength shows the right content length for the original request.
I've also been looking for a good way to use ASP.Net to intercept the requests directly rather than allowing the normal IIS 404 handler to take care of it but even with a wildcard mapping, I can't seem to get the settings right nor am I fully confident that it would help. (But I'm hoping it would?)
Finally, I don't have corporate permission to install MVC framework.
Thus, I need either some configuration for IIS I am missing to make this work properly or some other method of ensuring that I get the request payload to my web page.
Thanks!
What about using an HTTP Handler mapped to all requests?
You'll need to add a wildcard application mapping as detailed here and correctly configure your HTTP Handler.