Reputation: 441
Sitecore context & HttpWebRequest
Is it possible to pass Sitecore Credentials via an HttpWebRequest? The code below works great, except for the fact that the asmx being called executes as the anonymous user. I'd like to be able to pass the sitecore current user credentials to the page I'm calling.
CookieContainer cookieJar = new CookieContainer();
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("ttp://localhost/file.asmx");
req.Headers.Add("SOAPAction", "\"h_ttp://tempuri.org/Register\"");
req.ContentType = "text/xml;charset=\"utf-8\"";
req.Accept = "text/xml";
req.Method = "POST";
req.ContentLength = 0;
req.CookieContainer = cookieJar;
WebResponse response = req.GetResponse();
Stream responseStream = response.GetResponseStream();
StreamReader respStrm = new StreamReader(response.GetResponseStream(), System.Text.Encoding.ASCII);
string responseITem = respStrm.ReadToEnd();
HttpContext.Current.Response.Write(responseITem);
HttpContext.Current.Response.End();
Upvotes: 1
Views: 1627
Answers (2)
Reputation: 4092
You need to add the current user credentials to the request so you can retrieve them in your asmx webservice and use the credentials to log the user so the context is set.
// add the credentials to the Post method
var credentials = "yourCredentials";
req.ContentLength = credentials.Length;
using (var dataStream = req.GetRequestStream())
{
dataStream.Write(credentials, 0, credentials.Length);
}
In your asmx webservice you can login with the userName only or the combination of the userName and Password which are retrieved from the request.
Sitecore.Security.Authentication.AuthenticationManager.Login(userName);
EDIT: there is a security risk here when sending credentials as plain text, use at least HTTPS to make it more secure.
Upvotes: 2
Reputation: 4727
The Sitecore user credential informations are stored in a cookie. So you could add client cookies to your http request:
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url);
request.CookieContainer = new CookieContainer();
HttpCookieCollection userCookies = Request.Cookies;
for (int userCookieCount = 0; userCookieCount < userCookies.Count; userCookieCount++)
{
HttpCookie httpCookie = userCookies.Get(userCookieCount);
Cookie cookie = new Cookie();
/* We have to add the target host because the cookie does not contain the domain information.
In this case, this behaviour is not a security issue, because the target is our own platform.
Further informations: http://stackoverflow.com/a/460990
*/
cookie.Domain = request.RequestUri.Host;
cookie.Expires = httpCookie.Expires;
cookie.Name = httpCookie.Name;
cookie.Path = httpCookie.Path;
cookie.Secure = httpCookie.Secure;
cookie.Value = httpCookie.Value;
request.CookieContainer.Add(cookie);
}
You could also check our Sitecore Error Manager module. There we also create http requests with sending the client cookies (see lines 149-170):
https://github.com/unic/SitecoreErrorManager/blob/master/Modules.ErrorManager/Controls/BaseError.cs
Upvotes: 3
Related Questions
- How can I access HttpContext in my data access code in ASP.NET Core?
- HTTPContext.Request Method Equivalent in .Net 6
- Sitecore context in HttpHandler
- Using HttpContextAccessor in a .NET 4.6 project
- How to initialise a custom HTTP Context or HttpContextBase
- Sitecore context in HttpModule
- Use Httpcontext in data Access Layer
- How HttpContext works in .NET
- Does Sitecore.Context.Item make use of HttpContext?
- HttpContext is null when request is not coming from a browser