Manage cookies using Web API

By Ugo Lattanzi on Dec. 3rd , 2012 in webapi | comments

Share On Google Share On Facebook Share On Twitter

In my last project, I’ve deeply used WebApi, both for the client side and server side. In fact my application must call several REST endpoints developed with java and, after a code elaboration, I have to expose the data to other clients (javascript into an html page in this case).

One of the pillars request by the Java services (really is not a technology request but just from the implementation made by the external company) is to read all cookies from the response and then send them back to the next requests (like a proxy).

To make more clear where my app is, I realized the following chart:

As you can see the communication between my application and the Java Rest endpoint is based on the client library released with Web API. In fact, Web API is more than a service library used just to expose data; it includes a client library that makes very easy to execute a REST call, so let’s start to install the client package named “Microsoft ASP.NET Web API Client Libraries” from NuGet!

From now on, if you need to create a web request, you should do something like in the code below:

HttpClient client = new HttpClient();

HttpResponseMessage response = await client.GetAsync(requestUrl);

//response contains all you need

My problem was to manage the cookie from the response, since I needed to read the cookies and then store them somewhere for the next request. Obviously, the example above is really simple and it’s not enough for me because I need to read all the cookies and then send them to the browser.

Fortunately, there is an easy way to read the cookies from an Http Response using Web Api client library. The first thing to do is to create an instance of HttpClientHandler, inizialize the CookieContainer collection and then use it the HttpClient Constructor:

HttpClientHandler handler = new HttpClientHandler
                                UseCookies = true,
                                UseDefaultCredentials = true,
                                CookieContainer = new CookieContainer()

HttpClient client = new HttpClient(handler);

HttpResponseMessage response = await client.GetAsync(requestUrl);

// hanlder.CookieContainer contains your cookies

Now, after the request, the CookieContainer should contain the correct cookies.  Now we need to manage the cookie’s type, since we have two different kind of responses: one for ASP.NET MVC and one for Web API.

The two frameworks have no shared assemblies, it means that the cookies are represented by different classes in different namespaces with the same kind of data and I’m in a weird situation:

Three different classes, the first one comes from the client and the others for the response to the browsers.

For this reason, I created a Cookie manager class that moves the data from a cookie class to another one. To use the cookie in ASP.NET MVC is really simple, we just need to use the HttpContext (Request or response, depends if you need to add or read a cookie) like the code below:


HttpContext.Response.Cookies.Add(new HttpCookie("cookieName"));

For the Web API the approach is different. In fact, into the controller, there isn’t the HttpContext class like into MVC, so we need to manage the data using the HttpHeader like this:

var cookies = actionContext.Request.Headers.GetCookies();


Now I’m able to read cookies from everywhere and my last goal is to find a valid entry point where to manage the cookie read/write for MVC and Web API (easy ActionInvoker J)