C# FormsAuthentication

Date: 2018-02-06
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web.Http;
using System.Web.Security;

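    /// <summary>
    /// Web API controller that issues an ASP.NET Forms Authentication cookie to a caller
    /// whose user name can already be resolved by <c>SandboxProvider</c>.
    /// </summary>
    /// <remarks>
    /// Derives directly from <see cref="ApiController"/> and not from BaseApiController.
    /// NOTE(review): the reason is not visible here; presumably the base controller applies
    /// checks that would block this bootstrap call. Confirm before changing the base type.
    /// </remarks>
    public class CoreApiController : ApiController // Not BaseApiController!
    {
        /// <summary>
        /// Returns an empty response carrying a forms-authentication cookie for the current user.
        /// </summary>
        /// <returns>
        /// A response with a <c>Set-Cookie</c> header for the forms-authentication cookie and
        /// cache-suppressing headers, or a 400 error response with the message
        /// "Not authenticated" when no user name is available.
        /// </returns>
        [HttpGet]
        [Route("api/formsauthentication")]
        public HttpResponseMessage GetFormsAuthentication()
        {
            // The user name returned here is the only identity check in this action.
            // NOTE(review): confirm that SandboxProvider derives it from an authenticated
            // context and never from caller-controlled input such as a header or query string.
            var userName = SandboxProvider.GetCurrentUserName();
            if (string.IsNullOrEmpty(userName))
            {
                // NOTE(review): 401 Unauthorized would describe this case better than 400, but the
                // status code is kept because existing clients may depend on it.
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Not authenticated");
            }

            // An earlier variant returned "OK" without reissuing when the request already carried
            // the forms cookie; this version always issues a fresh cookie.

            // The ticket is created and encrypted by FormsAuthentication itself, so its lifetime
            // comes from the forms-authentication configuration. The hand-built 120-minute
            // FormsAuthenticationTicket that used to be constructed here was never encrypted or
            // attached to the response, so it had no effect and has been removed.
            var cookie = FormsAuthentication.GetAuthCookie(userName, false);

            var cookieHeader = new CookieHeaderValue(cookie.Name, cookie.Value)
            {
                Domain = cookie.Domain,
                Path = cookie.Path,
                // Keep the authentication cookie out of reach of client-side script.
                HttpOnly = true,
                // Carry over the Secure flag from the framework cookie (it reflects the
                // forms-authentication requireSSL setting); without this the flag is silently
                // dropped and the cookie may be sent over plain HTTP.
                Secure = cookie.Secure
            };
            // Expires is deliberately left unset, so the browser treats this as a session cookie.

            var response = Request.CreateResponse();
            response.Headers.AddCookies(new List<CookieHeaderValue> { cookieHeader });

            // The response carries a credential, so it must not be stored by browsers or proxies.
            response.Headers.CacheControl = new CacheControlHeaderValue
            {
                NoStore = true,
                NoCache = true,
                MustRevalidate = true
            };
            return response;
        }
    }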

