dotnet web services: Hi everyone.

My web application wants to take advantage of an encrypted
authentication cookie that's provided by another application on the
same server. The cookie is visible on the client side, but when I
invoke a method on my web service no cookies are visible.

For example, here is the relevant code in an example Javascript
client:

var o = new ActiveXObject("MSXML2.XMLHTTP");
o.open("POST","http://localhost/Example/Service1.asmx",false);
o.setRequestHeader("Content-Type", "text/xml");
o.setRequestHeader("SOAPAction", "http://tempuri.org/HelloWorld");
o.setRequestHeader("Cookie", "foo=bar; baz=quux");
o.setRequestHeader("Cookie", "foo=bar; baz=quux");
o.setRequestHeader("FOO", "BAR");
var msg = "<soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-
instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema'
xmlns:soap='http://schemas.xmlsoap.org/soap/
envelope/'><soap:Body><HelloWorld xmlns='http://tempuri.org'></
HelloWorld></soap:Body></soap:Envelope>";
o.send(msg);
alert (o.responseXML.xml);

And here is the relevant code in the C# method it calls:

[WebMethod]
public string HelloWorld()
{
return "Hello World! There are " +
Context.Request.Cookies.Count.ToString() + " cookies! Your FOO header
is " + Context.Request.Headers["FOO"] + " but your Cookies header is "
+ Context.Request.Headers["COOKIES"];
}

What I get back in the alert message indicates zero cookies and a
completely empty Cookies header, but the FOO header comes through with
the "BAR" content. So it seems that something is stripping the Cookies
header from my request.

My multipart question: Is there some feature of the .NET Framework
that prevents cookies from coming through? Or is it the XMLHTTP client-
side object? Or am I missing the point entirely?

Please post solutions, commiseration, war stories, and pointers to
documentation. Thanks in advance.


Mark W. Schumann

dad107@underflap.com wrote in news:2001dd32-a9af-472f-a1c2-
345389d87e3a@a23g2000hsc.googlegroups.com:

[quoted text, click to view]

Have you looked at building RESTful Web services instead? Seems like
you're trying to connect to the web service using a lgnague that does
not natively support web services... in which case RESTful style
webservices would be better.

But in anycase, I think for cookies to work in webservices, you need to
enable session statefulness. Not good if you're planning for
scalability.

Instead - use SOAP headers to transfer this sort of information (instead
of cookies).

--

[quoted text, click to view]

The problem is that I'm being given an authentication cookie. That's
what
the environment supports.


[quoted text, click to view]

But I don't need my service to manage a session--it just needs to see
a
cookie that I know is in the request headers.


[quoted text, click to view]

That's the crazy thing. Other headers (such as the fake "Foo" header
in
my posted example) come through fine. It's just "Cookie" that gets
eaten
along the way. If I call it "Foo" or "CookieX" or whatever, that
works.

My point is that it looks as though something in the .NET Framework
removes "Cookie" headers, and only "Cookie" headers, from incoming
requests to a Web Service. I'm trying to figure out why this is
happening.