Hi everyone.
My web application wants to take advantage of an encrypted
authentication cookie that's provided by another application on the
same server. The cookie is visible on the client side, but when I
invoke a method on my web service no cookies are visible.
For example, here is the relevant code in an example Javascript
client:
var o = new ActiveXObject("MSXML2.XMLHTTP");
o.open("POST","http://localhost/Example/Service1.asmx",false);
o.setRequestHeader("Content-Type", "text/xml");
o.setRequestHeader("SOAPAction", "http://tempuri.org/HelloWorld");
o.setRequestHeader("Cookie", "foo=bar; baz=quux");
o.setRequestHeader("Cookie", "foo=bar; baz=quux");
o.setRequestHeader("FOO", "BAR");
var msg = "<soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-
instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema'
xmlns:soap='http://schemas.xmlsoap.org/soap/
envelope/'><soap:Body><HelloWorld xmlns='http://tempuri.org'></
HelloWorld></soap:Body></soap:Envelope>";
o.send(msg);
alert (o.responseXML.xml);
And here is the relevant code in the C# method it calls:
[WebMethod]
public string HelloWorld()
{
return "Hello World! There are " +
Context.Request.Cookies.Count.ToString() + " cookies! Your FOO header
is " + Context.Request.Headers["FOO"] + " but your Cookies header is "
+ Context.Request.Headers["COOKIES"];
}
What I get back in the alert message indicates zero cookies and a
completely empty Cookies header, but the FOO header comes through with
the "BAR" content. So it seems that something is stripping the Cookies
header from my request.
My multipart question: Is there some feature of the .NET Framework
that prevents cookies from coming through? Or is it the XMLHTTP client-
side object? Or am I missing the point entirely?
Please post solutions, commiseration, war stories, and pointers to
documentation. Thanks in advance.
Mark W. Schumann
Some Guy on Bridge Avenue
