Home/ Questions/Q 4025188
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T10:48:55+00:00

I want to use the Request , Response properties of System.Web.Mvc.Controller class to set

  • 0

I want to use the Request, Response properties of System.Web.Mvc.Controller class to set and read cookies in the HTTP request and response. The reason to do so is – it obviates the need for writing utility classes that read from requests and populate data in some helper class. I can push all such code in custom base controller (from which all my controllers are derived from).

So I have got following code in my `BaseController’

if (Request != null)
{
   HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
   if (authCookie != null)
   {
        HttpContext.User = new GenericPrincipal(new GenericIdentity(authCookie.Value), null);
        Thread.CurrentPrincipal = HttpContext.User;
   }
}

but the Request is always null. How is this populated?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you have this code in the constructor of your base controller then it is normal. You need to put it in the Initialize method. Also what you are doing shouldn’t be done in a controller. Looking at your code you seem to be populating the HttpContext.User property: this should be done in a custom Authorize action filter.

    For example:

    public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
    {
        var result = base.AuthorizeCore(httpContext);
        if (result)
        {
            var authCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                httpContext.User = new GenericPrincipal(new GenericIdentity(authCookie.Value), null);
                Thread.CurrentPrincipal = httpContext.User;
            }
        }
        return result;
    }
}

    and then decorate your base controller with this attribute:

    [MyAuthorize]
public abstract class BaseController: Controller
{}

    Notice that this attribute requires the user to be authenticated in order to give access to the corresponding action so use it only on controllers/actions that require authentication.

    • 0