topcat 姍舞之間的極度凝聚

緣起：

小喵想研究 WebAPI 中，怎麼樣去處理CSRF的防護，在ASP.NET WebForm中，會自動產生「確認碼」放在HiddenFileld，並且每次接受Request的時候會自動檢查。那麼在WebAPI中，應該用什麼樣的方式來處理呢?小喵想到，或許可以用 MessageHandler 搭配 Cookie來處理。這一篇就來記錄怎麼在 Message Handler 中，存取Cookie

MessageHandler檔案

首先，先新增 MessageHandler 檔案。在 Models 中，新增一個類別，內容如下：

Imports System.Net.Http
Imports System.Net.Http.Headers

Public Class TestMessageHandler
    Inherits DelegatingHandler

    Protected Overrides Async Function SendAsync(request As HttpRequestMessage, cancellationToken As Threading.CancellationToken) As Threading.Tasks.Task(Of HttpResponseMessage)

        '處理Request
        Dim TestID As String = getCookie(request, "TestID")


        '透過非同步方式運作，這裡來承接回傳時的response內容
        Dim response = Await MyBase.SendAsync(request, cancellationToken)

        TestID = Format(Now, "yyyyMMddHHmmss") & Guid.NewGuid().ToString.ToUpper

        Dim tCookie As New CookieHeaderValue("TestID", TestID)
        tCookie.Expires = DateAdd(DateInterval.Minute, 20, Now)
        tCookie.Domain = request.RequestUri.Host
        tCookie.Path = "/"

        Dim Cookies As IEnumerable(Of CookieHeaderValue) = New CookieHeaderValue() {New CookieHeaderValue("TestID", TestID)}

        response.Headers.AddCookies(Cookies)

        '把response繼續往前傳
        Return response

    End Function

    ''' <summary>
    ''' 取得Cookie
    ''' </summary>
    ''' <param name="request">Request</param>
    ''' <param name="CookieName">Cookie的名字</param>
    ''' <returns></returns>
    Public Function getCookie(ByVal request As HttpRequestMessage, ByVal CookieName As String) As String
        Dim Rc As String = ""
        Dim cookie As CookieHeaderValue = request.Headers.GetCookies(CookieName).FirstOrDefault()
        If cookie IsNot Nothing Then
            Rc = cookie(CookieName).Value
        End If
        Return Rc
    End Function
End Class

 

Global.asax 註冊 MessageHandler

接著，把剛剛的 MessageHandler 註冊到 Global.asax中

Imports System.Web.Http
Imports System.Web.Optimization

Public Class WebApiApplication
    Inherits System.Web.HttpApplication

    ''' <summary>
    ''' 掛載Message Handler
    ''' </summary>
    ''' <param name="config"></param>
    ''' <remarks></remarks>
    Shared Sub Configure(config As HttpConfiguration)
        '這裡可以設定要掛載多組Message Handler
        config.MessageHandlers.Add(New TestMessageHandler())
    End Sub

    Protected Sub Application_Start()
        '在Application_Start事件，呼叫寫的Sub掛上
        Configure(GlobalConfiguration.Configuration)

        AreaRegistration.RegisterAllAreas()
        GlobalConfiguration.Configure(AddressOf WebApiConfig.Register)
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters)
        RouteConfig.RegisterRoutes(RouteTable.Routes)
        BundleConfig.RegisterBundles(BundleTable.Bundles)
    End Sub
End Class

參考資料

Example: Set and Retrieve Cookies in a Message Handler

---

以下是簽名：

• 歡迎轉貼本站的文章，不過請在貼文主旨上加上【轉貼】，並在文章中附上本篇的超連結與站名【topcat姍舞之間的極度凝聚】，感恩大家的配合。
• 小喵大部分的文章會以小喵熟悉的語言VB.NET撰寫，如果您需要C#的Code，也許您可以試著用線上的工具進行轉換，這裡提供幾個參考
  • http://converter.telerik.com/
  • http://www.carlosag.net/tools/codetranslator/
  • http://www.developerfusion.com/tools/convert/vb-to-csharp/

---

Microsoft MVP Visual Studio and Development Technologies (2005~2019/6)

topcat Blog:http://www.dotblogs.com.tw/topcat