We just started adding the authorize attribute to our API endpoints. Everything was working fine until we put these changes into our test environment. When ANY cookie has a space in the name, it causes the API to kick back a 401. I was wondering if anyone had this same issue or if there was some way to either fix the cookie or the API?
I don't think spaces are allowed in cookie name http://stackoverflow.com/questions/1969232/allowed-characters-in-cookies – Habib Sep 17 '14 at 17:20
They are not, but I don't have any control over our customers creating bad cookies. I am looking for a way to handle this. I was thinking about running a check and deleting any bad cookies. But I was hoping there was a better way. I HATE the idea of deleting anything, especially when I don't know what it is. – DeadlyChambers Sep 17 '14 at 17:22
1 Answer
The reason it was returning a 401 was that the get cookies method was returning null:
    HttpRequestHeaders.GetCookies("COOKIENAME");
So even though that cookie existed, if ANY cookie had a space (or invalid char) in the name it would cause that method to return null. If you are using this in a filter (in our case a MembershipAuthorization) then you will have to access the cookies in a different way. I am not happy about it, but I used a string split on semicolon, which isn't guaranteed, because if the value is not URL-encoded then there could be a semicolon that would throw this off.
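    // Requires: using System; using System.Linq;
    try
    {
        // Read the raw Cookie header instead of calling GetCookies().
        // GetValues throws when no Cookie header is present, so it sits inside the try.
        var cookiesString = actionContext.Request.Headers.GetValues("Cookie").First();
        foreach (var cook in cookiesString.Split(';'))
        {
            // Split on the first '=' only so a value containing '=' is not truncated.
            var parts = cook.Split(new[] { '=' }, 2);
            if (parts.Length == 2 && parts[0].ToUpper().Trim() == "COOKIENAME")
            {
                currentUser = parts[1];
            }
        }
    }
    catch (Exception)
    {
        // Missing or malformed Cookie header: currentUser stays unset.
    }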

DeadlyChambers
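A more defensive form of the manual Cookie-header lookup in the answer above, as an added example that is not part of the original post. `RawCookieReader` and `TryGetCookie` are hypothetical names, and treating conflicting duplicate values as absent is an assumption made here so that an authorization filter fails closed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http.Headers;

// Added example: look up one cookie from the raw Cookie header, for use where
// GetCookies() returns null because some other cookie has an invalid name.
public static class RawCookieReader
{
    // Returns true and sets value only when exactly one distinct, non-empty value is found.
    public static bool TryGetCookie(HttpRequestHeaders headers, string name, out string value)
    {
        value = null;
        IEnumerable<string> lines;
        // TryGetValues avoids the exception GetValues throws when no Cookie header is sent.
        if (!headers.TryGetValues("Cookie", out lines))
            return false;

        var matches = new HashSet<string>(StringComparer.Ordinal);
        // ';' is the pair delimiter in the Cookie header; there may be several header lines.
        foreach (var pair in lines.SelectMany(l => l.Split(';')))
        {
            // Split on the first '=' only, so values containing '=' (base64 padding) stay whole.
            int eq = pair.IndexOf('=');
            if (eq <= 0)
                continue; // no name or no '=': skip this malformed pair, keep scanning

            // Case-insensitive name match mirrors the ToUpper() comparison in the answer.
            var pairName = pair.Substring(0, eq).Trim();
            if (string.Equals(pairName, name, StringComparison.OrdinalIgnoreCase))
                matches.Add(pair.Substring(eq + 1).Trim());
        }

        // Assumption: the same name with different values is ambiguous, so report "not found".
        if (matches.Count != 1)
            return false;

        var only = matches.First();
        if (only.Length == 0)
            return false;

        value = only;
        return true;
    }
}
```

In the filter, call `RawCookieReader.TryGetCookie(actionContext.Request.Headers, "COOKIENAME", out currentUser)` and return the 401 when it returns false.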