Sometimes we come across integration scenarios that look straightforward, but where the devil is in the details. We needed to integrate our ASP.NET/Silverlight application into an existing ASP "classic" site (yes, they still exist). The catch was that we needed to call the ASP "classic" site in a server-to-server call to get some information, but we needed to do this under the context of the current user. You may be wondering why we didn't go through a shared database or something, but the problem is that there is little knowledge left of the old app, so changing the existing app was a no-go.
So, in order to impersonate the user, your server-side request needs to look like it comes from that user. This means forwarding the cookies the user sends, and sending back to the user the cookies the server sends. Below is code that demonstrates that.
```csharp
// Runs inside an ASP.NET page or handler (Request/Response are the current ones).
// Requires: using System; using System.Net; using System.Web;
HttpWebRequest webRequestToServer = (HttpWebRequest)HttpWebRequest.Create("http://somedomain/somepage.asp");
webRequestToServer.CookieContainer = new CookieContainer();

// Forward the cookies the browser sent to us on to the classic ASP site.
foreach (String cookieKey in Request.Cookies)
{
    HttpCookie cookie = Request.Cookies[cookieKey];
    Cookie serverCookie = new Cookie(cookie.Name, cookie.Value, "/", "somedomain");
    webRequestToServer.CookieContainer.Add(serverCookie);
}

HttpWebResponse webResponseFromServer = (HttpWebResponse)webRequestToServer.GetResponse();

// Send the cookies the classic ASP site returned back to the browser.
foreach (Cookie serverCookie in webResponseFromServer.Cookies)
{
    HttpCookie clientCookie = Response.Cookies[serverCookie.Name];
    if (clientCookie == null)
    {
        clientCookie = new HttpCookie(serverCookie.Name);
    }
    clientCookie.Value = serverCookie.Value;
    clientCookie.Expires = serverCookie.Expires;
    // Set replaces a cookie of the same name instead of appending a duplicate.
    Response.Cookies.Set(clientCookie);
}

webResponseFromServer.Close();
```
This code works fine in a test environment, but there is a catch: in some cases the domain of the server is not set in the cookie you get on the server side. The problem is that when you then set the domain yourself, it doesn't correspond to what the server expects. You can see this if you write out the cookies you send and receive (both on the browser connection and the server-to-server connection), including the domain, to a log or something. It took a while to figure out, but replacing "somedomain" with Request.ServerVariables["LOCAL_ADDR"] did the trick.
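A variant of the forwarding step that avoids the hard-coded domain and produces the diagnostic log described above, as an added example that is not code from the original post. It uses `CookieContainer.Add(Uri, Cookie)` so the cookie domain is taken from the target URI, which is a different technique from the `LOCAL_ADDR` fix. The class and method names are hypothetical, and forwarding only the classic ASP session cookies (`ASPSESSIONID...`) is an assumption about what the old site needs.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Web;

// Hypothetical helper, not part of the original post.
public static class CookieForwarding
{
    // Assumption: the classic ASP site only needs its session cookie,
    // which IIS names "ASPSESSIONID" followed by a random suffix.
    private const string ForwardedPrefix = "ASPSESSIONID";

    public static CookieContainer BuildContainer(HttpRequest browserRequest, Uri target)
    {
        var container = new CookieContainer();

        foreach (string key in browserRequest.Cookies.AllKeys)
        {
            HttpCookie cookie = browserRequest.Cookies[key];
            if (cookie == null || cookie.Name == null ||
                !cookie.Name.StartsWith(ForwardedPrefix, StringComparison.OrdinalIgnoreCase))
            {
                continue; // unrelated cookies (auth tickets, analytics) stay out of the backend call
            }

            try
            {
                // No domain is passed: Add(Uri, Cookie) derives it from the target URI,
                // so it always matches the host the request is actually sent to.
                container.Add(target, new Cookie(cookie.Name, cookie.Value, "/"));
            }
            catch (CookieException ex)
            {
                // Raised for values System.Net.Cookie rejects, such as ones containing ',' or ';'.
                Trace.TraceWarning("Skipped cookie {0}: {1}", cookie.Name, ex.Message);
            }
        }

        // Log what will really be sent: name, domain and path, never the value,
        // because a session cookie value in a log file is a usable credential.
        foreach (Cookie c in container.GetCookies(target))
        {
            Trace.TraceInformation("Forwarding {0} domain={1} path={2}", c.Name, c.Domain, c.Path);
        }

        return container;
    }
}
```

Assign the result to `webRequestToServer.CookieContainer`, passing `webRequestToServer.RequestUri` as `target`.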