用.Net HttpClient设置'每个请求'的cookie

Question

您好我正在尝试使用Owin基础设施来实现简单的http代理服务。此代理必须使用Windows身份验证对用户进行身份验证，从企业AD中提取用户属性，将此信息作为cookie值添加到原始请求中，然后将请求重定向到Internet上的应用程序（称为“外部应用程序”）。

我正在使用HttpClient向外部应用程序发送请求。

但是HttpClient不适合这种情况。似乎唯一允许的使用cookie的方式是将它们放入CookieContainer中，并将此CookieContainer设置为HttpClientHandler的属性。当你有单一用户时没关系，但如果是代理服务，来自不同用户的cookie值将会混合并相互覆盖。

是否有任何方法可以为每个请求设置Cookie或CookieContainer？或者，也许有更好的方式来重定向请求？

P.S.下面是一些代码：

初始化HTTP处理的：

private void RegisterRoutes(HttpConfiguration config) 
    { 
     config.Routes.MapHttpRoute(
      name: "Proxy", 
      routeTemplate: "{*path}", 
      handler: HttpClientFactory.CreatePipeline 
       (
        innerHandler: new HttpClientHandler(), 
        handlers: new DelegatingHandler[] 
        { 
         new ProxyHandler() 
        } 
       ), 
      defaults: new { path = RouteParameter.Optional }, 
      constraints: null); 
    } 

ProxyHandler 内部类ProxyHandler：DelegatingHandler { 私人只读HttpClient的_client;

public ProxyHandler() 
    { 
     var handler = new HttpClientHandler { ClientCertificateOptions = ClientCertificateOption.Automatic}; 

     _client = new HttpClient(handler); 
    } 

    protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) 
    { 
     var forwardUri = new UriBuilder(request.RequestUri); 
     forwardUri.Host = "localhost"; 
     forwardUri.Port = 23016; 
     forwardUri.Scheme = Uri.UriSchemeHttp; 

     request.RequestUri = forwardUri.Uri; 
     request.Headers.Host = forwardUri.Host; 

     //Explicitly null it to avoid protocol violation 
     if (request.Method == HttpMethod.Get || request.Method == HttpMethod.Trace) 
      request.Content = null; 

     try 
     { 
      var response = await _client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, cancellationToken); 

      //Explicitly null it to avoid protocol violation 
      if (request.Method == HttpMethod.Head) 
       response.Content = null; 
      return response; 
     } 
     catch (Exception ex) 
     { 
      var response = request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex); 
      string message = ex.Message; 
      if (ex.InnerException != null) 
       message += ':' + ex.InnerException.Message; 
      response.Content = new StringContent(message); 
      Trace.TraceError("Error:{0}", message); 
      return response; 
     } 
    } 

    private void SetCookies(HttpRequestMessage request) 
    { 
     var container = new CookieContainer(); 

     var authCookieValue = "2EF91D8FD9EDC594F2DB82"; 
     var authCookie = new Cookie("cookieByProxy", authCookieValue); 

     var targetUri = new Uri("http://localhost:23016/"); 
     container.Add(targetUri, authCookie); 

     var cookieHeader = container.GetCookieHeader(targetUri); 

     if (!string.IsNullOrEmpty(cookieHeader)) 
      request.Headers.TryAddWithoutValidation("Cookie", cookieHeader);//Overwriting cookie header with custom values. However cookie values are ignored by HttpClient (both old and new) 
    } 
} 

Answer 1

发现这里的解决方案：enter link description here 诀窍是在HttpClientHandler的UseCookie标志明确设置为假。

var handler = new HttpClientHandler { ClientCertificateOptions = ClientCertificateOption.Automatic, UseCookie = false };