CODEWITHSUNDEEP
.netauthenticationwcf-data-servicesodata
user1569157
user1569157

Reputation: 23

How to access the WebResponse in a WCF Data Service client so that I can use the cookies it contains?

I'm writing a .NET app that calls a WCF Data Service that requires authentication credentials to be passed in an HTTP header. I'm setting that header in a DataServiceContext.SendingRequest event handler. The service then returns an authentication token in a cookie. The client is expected to provide this cookie on subsequent calls. I can set cookies in the SendingRequest event, but I've been unable to find a way to hook the response in order to get the cookie in the first place. (Why isn't there a DataServiceContext.ResponseReceived event?) Can anyone tell me either (1) how to hook the response so that I can read the HttpWebResponse.Cookies collection, or (2) how to configure the WCF Data Service client plumbing to handle cookies automatically?

Thanks for any insights or direction!

Dave

Upvotes: 0

Views: 922

Answers (2)

Vitek Karas MSFT
Vitek Karas MSFT

Reputation: 13310

I can't think of a way to do this through event handlers. But you can get to it through the OperationResponse. For example if you invoke the query by running Execute it returns an instance which derives from OperationResponse (http://msdn.microsoft.com/en-us/library/system.data.services.client.operationresponse.aspx). That exposes the response headers. This is also true for SaveChanges and so on.

Upvotes: 1

Mark Stafford - MSFT
Mark Stafford - MSFT

Reputation: 4336

It's not entirely clear where you need to access the cookie value, but you should be able to hook into the processing pipeline by wiring up an event handler in your service's constructor, e.g:

public ScratchService()
{
    ProcessingPipeline.ProcessingRequest += (source, e) =>
        {
            WebHeaderCollection headers = e.OperationContext.RequestHeaders;
            string acceptHeader = headers["CustomCookie"];
            if (acceptHeader == null || !acceptHeader.Equals("Passw0rd"))
            {
                throw new DataServiceException(403, "You had a bad cookie.");
            }
        };
}

ProcessingRequest happens before the rest of the pipeline is invoked, so that should be a reasonable place for you to put your authentication in. Obviously you'll want something slightly more secure than the example above. :)

Upvotes: 0

Related Questions