Session Cookies and HttpClient running in MVC

Question

I'm struggling with an authentication issue between an MVC app and a Azure Mobile App.

The MVC app calls the Mobile App login end https:<api>/.auth/login/microsoftaccout?post_url_login=location

That all works, the Mobile app calls Live to authenticate and redirect all the way back to the MVC app works fine.

On the MVC site, any <a> links that point at the api authorise and return results as expected. But using an httpclient within a controller fails with a 401.

When I look at the trace and the Azure Mobile App log, clicking the <a> link I see an AppServiceAuthSession cookie added to the Request Header. The Httpclient trace does not have this.

How do I get the HttpClient to act the same way as if clicking an <a> link?

You can specify cookies/headers for the httpClient. See http://stackoverflow.com/questions/12373738/ — kravits88, Jan 21 '16 at 13:44

score 0 · Answer 1 · answered Jan 21 '16 at 13:49

0

You can add in a cookie such as:

var cookies = new CookieContainer();
using (var handler = new HttpClientHandler() { CookieContainer = cookies })
using (var client = new HttpClient(handler) { BaseAddress = new Uri("http://example.com")})
{
    var cookieDomain = "some domain";
    cookies.Add(cookieDomain, new Cookie("CookieName", "cookie_value"));

    // Use client
}

In theory you could read the cookie out of Response.Cookies on the MVC controller and pass the values through to your endpoint as needed.

answered Jan 21 '16 at 13:49

NikolaiDante

18,469
14
77
117

Unfortunately niether of those two suggestions worked. When I add the cookie, the `Request.Header.Cookie` on the response says `AppServiceAuthSession=deleted`. When I look at the controller for `Reponse.Cookies`, there isn't one called `AppServiceAuthSession`. – Alan Le Marquand Jan 21 '16 at 14:47

Session Cookies and HttpClient running in MVC

1 Answers1