Hi everyone,
We developped a WebService with Visual Studio .Net and we faced an
authentication problem with a java client. My assumption is that this
is because cookies passed from client are misunderstood by the
framework.
Basically, these are the headers received from the client (I used a
packet sniffer to know exactly what we received from him before the
framework modifies it):
==========================*======================= =======*=
POST /webservices/csaccessservices.*asmx HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml,...(trunc*ated for clarity)
User-Agent: Axis/1.2.1
Cache-control: no-cache
Pragma: no-cache
SOAPAction: "http://cedrom-sni.com/schema/WhoAmI"
Content-Length: 308
Authorization: Basic Y253ZG5hMTNFXzE6Y253ZG5FMQ==
Cookie: ASP.NET_SessionId=xsigyd55n0nf*4q55kujvolzi
Cookie: IDENTITY=C2AC936CD45DE...(trun*cated for clarity)
==============================*=================== ========
and this is what I have when I look at the headers and server variables
when entering Application_BeginRequest method:
==============================*=================== ========
POST /webservices/csaccessservices.*asmx HTTP/1.0
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 308
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml,...(trunc*ated for clarity)
Authorization: Basic Y253ZG5hMTNFXzE6Y253ZG5FMQ==
Cookie: ASP.NET_SessionId=xsigyd55n0nf*4q55kujvolzi, IDENTITY=C2A...
User-Agent: Axis/1.2.1
SOAPAction: "http://cedrom-sni.com/schema/WhoAmI"
==============================*=================== ========
As you can see, cookies have been merged on a single line. If it
worked, I wouldn't care about it, but it isn't. When I look at
Context.Request.Cookies object provided by the framework, I see that
there is only one cookie! It's name is ASP.NET_SessionId (the first
cookie) and it's value is the IDENTITY-value (C2A...)!!! So it seems
like the framework doesn't parse correctly the cookies, but I don't
know why??? It doesn't see the second cookie but it takes the second
cookie's value and associate this value with the first cookie. This is
kind of weird!!!
When I ask for the value of
Context.Request.ServerVariable*s["HTTP_COOKIE"], the entire line is
returned.
I was able to reproduce this strange behavior by calling our webservice
using System.Net.WebRequest with a POST method. The cookies were on a
single line and separated by "," and they cookies were parsed by the
framework exactly the same way they are when called from java.
I know that if I call this webservice from a .Net client with
WebReferences it works well, but there is a slight difference between
the calls: cookies are separated by ";" instead of ",".
Any hint or help would be appreciated.
Thanks
Karl