LRF*_*k01 6 c# asp.net-web-api asp.net-web-api2
我正在尝试执行经过身份验证的Web api请求,该请求不会重置身份验证Cookie超时.在MVC世界中,我将通过从响应中删除FormsAuthenication cookie来实现此目的:
Response.Cookies.Remove(System.Web.Security.FormsAuthentication.FormsCookieName);
在Web API 2中,我编写了一个自定义的IHttpActionResult,我从响应中删除了Set-Cookie标头.但是,这不是删除标头,因为在为使用此操作结果的请求更新auth cookie时,我仍然会看到Set-Cookie标头.
这是自定义IHttpActionResult:
public class NonAuthResetResult<T> : IHttpActionResult where T: class
{
private HttpRequestMessage _request;
private T _body;
public NonAuthResetResult(HttpRequestMessage request, T body)
{
_request = request;
_body = body;
}
public string Message { get; private set; }
public HttpRequestMessage Request { get; private set; }
public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
{
var msg = _request.CreateResponse(_body);
msg.Headers.Remove("Set-Cookie");
return Task.FromResult(msg);
}
}
如何编辑Web API 2中的响应标头,因为这不起作用.
Global.asax可以删除Application_EndRequest事件中的cookie.并且您可以设置一个变量,以便稍后由Application_EndRequest选取.
步骤1.创建一个动作过滤器,在Context.Items中设置变量:
public class NoResponseCookieAttribute : ActionFilterAttribute
{
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
System.Web.HttpContext.Current.Items.Add("remove-auth-cookie", "true");
}
}
步骤2.在global.asax文件中处理Application_EndRequest事件.如果存在步骤1中的变量,请删除cookie.
protected void Application_EndRequest()
{
if (HttpContext.Current.Items["remove-auth-cookie"] != null)
{
Context.Response.Cookies.Remove(System.Web.Security.FormsAuthentication.FormsCookieName);
}
}
步骤3.使用自定义过滤器装饰您的web api操作:
[NoResponseCookie]
public IHttpActionResult GetTypes()
{
// your code here
}