Search code examples
asp.net-mvccookiesasp.net-core-webapicross-domainasp.net-core-2.0

ASP.NET Core 2.1 MVC - Not being able to set the cookie received from the web api response


My ASP.NET Core 2.1 based MVC (client) application consumes webapi.

Client application url: http://testdomain.com:8458/

Web Api url: http://testdomain.com:8404/

On web api action method setting up cookie as below,

 public async Task<IActionResult> GetOrdersAsync(string parameter)
    {
        HttpContext.Response.Cookies.Append(
                    "cookieKey",
                    "cookieValue",
                    new Microsoft.AspNetCore.Http.CookieOptions { IsEssential = true }
                );

        return Ok();           
    }

On client MVC application which calls the webapi, in the response object I can see the presence of 'set-cookie' header

    [Microsoft.AspNetCore.Cors.EnableCors]
    [HttpGet]
    [AllowAnonymous]
    public async Task<IActionResult> ShowOrdersAsync(string parameter)
    {
      var response = await serviceClient.GetOrdersFromBackendAsync(parameter);
      return Ok(response);
    }

enter image description here

But cookie in the response header, not getting stored in the browser cookie store

enter image description here

What Im missing? how to set the cookie received from webapi app in the client app browser?

On Startup.cs included below pipeline code,

 public void ConfigureServices(IServiceCollection services)
    {
      services.AddCors(options =>
        {
            options.AddDefaultPolicy(
                builder =>
                {
                    builder.AllowAnyOrigin()
                                 .AllowAnyMethod()
                                 .AllowAnyHeader()
                                 .AllowCredentials();
                });
        });

        // Add framework services.
        services.AddMvc();
 }

 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
       app.UseCors();
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=LandingPage}/{id?}");
        });
    }

Solution

  • According to your codes and description, I found you try to use MVC controller method to call web api and the api return the set-cookie header.

    During this action, the MVC controller is the client and the web api is the server, the server return the set-cookie header to the MVC client. This part is right.

    But the MVC controller will not auto return this set cookie to the browser client, since the MVC is the server and you don't have any codes to add the set-cookie header.

    If you want to set cookie to client, I suggest you could add codes into the MVC controller not web api controller, since MVC controller could add the cookie to the client browser not the web api.

    More details, you could refer to below codes:

    [Microsoft.AspNetCore.Cors.EnableCors]
    [HttpGet]
    [AllowAnonymous]
    public async Task<IActionResult> ShowOrdersAsync(string parameter)
    {
      var response = await serviceClient.GetOrdersFromBackendAsync(parameter);
            HttpContext.Response.Cookies.Append(
                  "cookieKey",
                  "cookieValue",
                  new Microsoft.AspNetCore.Http.CookieOptions { IsEssential = true }
              );
    
      return Ok(response);
    }
    

    According to your description, you could firstly read the cookie and then add it into the MVC controller response.

    More details, you could refer to below codes:

        public IActionResult Index()
        {
            HttpClient httpClient = new HttpClient();
    
            var re = httpClient.SendAsync(new HttpRequestMessage(HttpMethod.Get, "https://localhost:44387/WeatherForecast")).Result;
    
    
            var Cookies = ExtractCookiesFromResponse(re);
    
            foreach (var item in Cookies)
            {
                HttpContext.Response.Cookies.Append(
                   item.Key,
                   item.Value,
                   new Microsoft.AspNetCore.Http.CookieOptions { IsEssential = true });
            }
    
    
           
            return View();
        }
    
        public static IDictionary<string, string> ExtractCookiesFromResponse(HttpResponseMessage response)
        {
            IDictionary<string, string> result = new Dictionary<string, string>();
            IEnumerable<string> values;
            if (response.Headers.TryGetValues("Set-Cookie", out values))
            {
                Microsoft.Net.Http.Headers.SetCookieHeaderValue.ParseList(values.ToList()).ToList().ForEach(cookie =>
                {
                    result.Add(cookie.Name.Value, cookie.Value.Value);
                });
            }
            return result;
        }
       
    

    Result:

    enter image description here