5

Please help if you can.

I have been trying to access the current session object of an asp.net application from within a WCF REST service.

There has been no success at all. the session object accessed from the service is not the same one in the aspx pages.

So, here is my question: Is it possible to access the current session in a REST WCF service through HttpContext.Current.Session ?

The code has the following points:

 [AspNetCompatibilityRequirements
(RequirementsMode = 
AspNetCompatibilityRequirementsMode.Allowed)] // I have also tried Required
public class DataService : IDataService

in web.config:

<system.serviceModel>
  <behaviors>
   <endpointBehaviors>
    <behavior name="ClosedRoom.DataServiceBehavior">
     <enableWebScript />
    </behavior>
   </endpointBehaviors>
  </behaviors>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" >
  <baseAddressPrefixFilters>
        <add prefix="http://localhost:63399"/>
      </baseAddressPrefixFilters>
    </serviceHostingEnvironment>

  <services>
    <service name="ClosedRoom.DataService">
      <endpoint address="" behaviorConfiguration="ClosedRoom.DataServiceBehavior"
        binding="webHttpBinding" contract="ClosedRoom.IDataService" />
    </service>
  </services>
</system.serviceModel>

Thank you,

Mohammed Swillam
  • 9,119
  • 4
  • 36
  • 47
  • 1
    WCF ans ASP.NET are two completely different technologies. Please clarify your question. Its not clear what you try to accomplish. ASP.NET sessions are independent of any WCF service session you may host in your (ASP.NET web?) application. – Jan Dec 28 '10 at 12:09
  • Try downloading sample application from http://blogs.msdn.com/b/wenlong/archive/2010/02/21/using-asp-net-sessions-from-wcf.aspx and try to figure out what you are missing. – decyclone Dec 28 '10 at 13:10
  • Do you call the service from your application or from browser? Did you try to check transfered cookies? Session in ASP.NET is identified by cookie. If cookie is not transfered with a service request new session is created. Btw. REST services should be stateless = without any session. – Ladislav Mrnka Dec 28 '10 at 13:13
  • For an ashx, you need to "implement" [IReadOnlySessionState](http://msdn.microsoft.com/en-us/library/system.web.sessionstate.ireadonlysessionstate.aspx), maybe that helps here also? – Hans Kesting Dec 28 '10 at 16:40

2 Answers2

4

In order for a session to be rehidrated, you need to supply a key. In a normal asp.net application that key is supplied by user either via cookie or url parameter.

How are you planning to acquire that key from the REST client? How those clients get that key initially after the authentication? Where they store the key?

This is why most of the REST based services take a api access key and also another key to sign every request.

IMHO sessions are irrelevant in REST based designs.

chandmk
  • 3,496
  • 3
  • 21
  • 26
  • I agree with the sentiment of this post. I think the OP needs to add another element to his architecture. – jcolebrand Dec 28 '10 at 13:57
  • @user6130: Thank you for this answer. Just as a question for me: I want to add the userid in a cookie (which I set at login time with a sliding expiration of 5 minutes) and use that to sign my request and check server side if that userid has access to the data he tries to request. Would that be considered good practice? Thanks! :) – Adam Sep 11 '13 at 21:11
1

I know this question was asked a long time ago but this can be achieved by hosting the wcf restful service within an asp.net application and then on the top of your service class add the following attribute:

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]

This enables many things including:

HttpContext: WCF services running in ASP.NET Compatibility Mode can access Current and its associated state.

See here for more info: What does AspNetCompatibilityRequirements really mean?

Community
  • 1
  • 1
Rafi
  • 2,433
  • 1
  • 25
  • 33