I'm using httpclient to request a ssl(https://) site. But I note that even if I can get response from that site, but the site still hasn't set cookie in my local. So, I cannot read cookie from filter.CookieManager.GetCookies().
I guess that's due to I have not add certificate when posting data.
I done another testing, I used webview to open this site, then I can get cookies by CookieManager.GetCookies.
So, my question is how I can use httpclient to request "https://" site and make it write cookie in my local.
Read the documentation here for the cookies from response. There is also a working example available.
Related
I would like to clarify how cookies work between angular app and the c# server controller.
This is what I gathered from various discussions and forums:
The angular client sends HTTP Request (e.g. to login) to the c# server
c# server creates the cookie (e.g. refreshToken) using:
Response.Cookies.Append("refreshToken", token, cookieOptions);
c# server returns and the cookie refreshToken is set in store on the client side
Whenever the angular client sends the HTTP request again, the cookie is set in the Request object (probably by the browser, behind the scenes - angular client does not explicitly set the cookie)
c# server receives the request and retrieves the cookie like below:
var refreshToken = Request.Cookies["refreshToken"];
Is my understanding correct?
Yes, your understanding is totally correct.
One note: Angular HttpClient does only include cookies for cross-domain requests (like in dev environment) in the request if HttpOption withCredentials is set to true.
I have an API located at http://localhost:57780.
When I attempt to call the login endpoint from my client (http://localhost:4200), I receive my cookie in the response header AND it is successfully stored in the browsers cookies.
Now, here is my issue: Using the same API, I now call the login endpoint from my client at a different DOMAIN (http://127.0.0.1:4200).
I still successfully receive my cookie in the response header ALTHOUGH the browser is not storing this cookie.
I am using the HTTP interceptor so that each call has withCredentials set to true.
I have also set Access-Control-Allow-Origin to AllowAnyOrigin.
What am I doing wrong?
P.S: This is my first stackOverflow post so any tips would be greatly appreciated :)
I want to use the domain: aaaa.com to have a login form for the site at domain: cccc.com.
Note, I have full control of the server at cccc.com and have setup CORS on the server at cccc.com. I essentially have full control of the server at aaaa.com as well.
I am using jquery's $.ajax to send a POST to the cccc.com asp.net mvc 3 server. It looks like I get the right response back and I see the ASP.NET_SessionId and .ASPXAUTH cookies in the response. When I get the correct response in javascript with no login errors, I want to redirect to cccc.com/Home/Index using window.location. Everything seems to be working up to this point. Authentication, getting a correct response, etc. However when javascript redirects, cccc.com still wants me to login again. Why is this happening?
Is it because the authentication cookies belong to aaa.com? How can I work around this?
Thanks
Yes, the authentication cookies will belong to the other site, and are not shared.
If you had a subdomain of cccc.com instead of a completely separate domain, it would work if you set a domain-wide cookie.
As it is though, you will have to copy the cookie upon login, logout, and any other authentication methods that modify how the cookie is stored. If you're on a different server, you would also lose your ability to do sessions unless you have a session state server.
You could try copying the auth cookies with javascript after your POST to log in completes.
When I add a cookie through Response.cookies.add(cookie); My cookie will not be placed on the clients side until the client requests a page from my site. At the time of request .net will do some magic, place the cookie in the response and the client will store it. Is this true? If the above assumption is true I should be able to see unplaced cookies by cookie = response.cookies("foo"). Seems logical, but is it correct?
To sum it up.
I am placing a cookie, then later in the code before the request is served I am checking if the cookie is in the request.cookies("foo") if it is not I am checking the response.cookies("foo"). This method does not work. How would i go about reading a cookie before it is sent to the client side.
The actual question I need answered; Is there a way to view a cookies information before I send it to the browser? Something along the lines of check if cookie is on browser if not do some other check to see if it is waiting to be sent.If it is waiting to be sent read data on it
thank you very much.
If I understood the question correctly then you want to add a cookie to HttpResponse at some point after receiving a request from a client. Then at a later point of processing the request you want to access the same cookie again.
This quote might help you:
"After you add a cookie by using the HttpResponse.Cookies collection, the cookie is immediately available in the HttpRequest.Cookies collection, even if the response has not been sent to the client."
(from http://msdn.microsoft.com/en-us/library/system.web.httpresponse.cookies.aspx)
I suggest you to process the cookie only at one point during the response. Thus you can check if it's available in HttpRequest, and if not then add it to HttpResponse and invoke your additional logic.
I login to a website by HTTPwebrequest, I get an authentication cookie.
When I make a new HTTP-webrequest and add the cookies from the first request to call the next page where I can see my personal data. I see that the cookies will associated with the second request if I debug it but if I check the network traffic I see that are no Cookies transmitted at the second request. I tried many possibilities to see why I don't work but I found nothing.
Does anyone know a solution?