Multiple 'using' statements in method implementation

I'm learning WebAPI framework for ASP.NET and C#. Is the following way of handling incoming data correct?

```
[HttpPost]
[ExpiredCookieCheck]
public IHttpActionResult Auth([FromBody]AuthenticationData authenticationData)
{
try
{
if (authenticationData == null)
using (var responseManager = new ResponseManager())
return responseManager.PrepareMessage(
HttpStatusCode.Unauthorized,
"No authentication model was provided in request body.",
null,
ResponseManager.ResponseType.InterfacePlainText
);

using (var authenticationHandler = new AuthenticationHandler())
{
var validationData = authenticationHandler.CheckAuthenticationDataFromWeb(authenticationData);

if (!validationData.Key)
using (var responseManager = new ResponseManager())
return responseManager.PrepareMessage(
HttpStatusCode.Unauthorized,
"Incorrect credentials for authentication.",
null,
ResponseManager.ResponseType.InterfacePlainText
);

using (var cookieManager = new CookieManager())
using (var responseManager = new ResponseManager())
{
var authenticationCookie = cookieManager.CreateAuthenticationCookieHeader(Request.RequestUri.Host);
cookieManager.SaveAuthenticationCookie(validationData.Value.Id, authenticationCookie);

return responseManager.PrepareMessage(
HttpStatusCode.OK,
null,
authenticationCookie,
ResponseManager.ResponseType.InterfacePlainText
);

There is nothing inherently wrong with having multiple using statements. It keeps the lifetime of objects to the minimum which is not a bad thing to do.

Another point is that I'd possibly re-factor the error raising: You always prepare the error message with the same parameters except for the actual message. This could easily be encapsulated in a little helper function. So the refactored code could look like this:

private Response GetUnauthorizedResponse(string message)
{
    using (var responseManager = new ResponseManager())
    {
        return responseManager.PrepareMessage(
            HttpStatusCode.Unauthorized,
            message,
            null,
            ResponseManager.ResponseType.InterfacePlainText
        );
    }
}

[HttpPost]
[ExpiredCookieCheck]
public IHttpActionResult Auth([FromBody]AuthenticationData authenticationData)
{
    try
    {
        if (authenticationData == null)
        {
            return GetUnauthorizedResponse("No authentication model was provided in request body.");
        }

        using (var authenticationHandler = new AuthenticationHandler())
        {
            var validationData = authenticationHandler.CheckAuthenticationDataFromWeb(authenticationData);
            if (!validationData.Key)
            {
                return GetUnauthorizedResponse("Incorrect credentials for authentication.");
            }

            using (var cookieManager = new CookieManager())
            using (var responseManager = new ResponseManager())
            {
                var authenticationCookie = cookieManager.CreateAuthenticationCookieHeader(Request.RequestUri.Host);
                cookieManager.SaveAuthenticationCookie(validationData.Value.Id, authenticationCookie);

                return responseManager.PrepareMessage(
                    HttpStatusCode.OK,
                    null,
                    authenticationCookie,
                    ResponseManager.ResponseType.InterfacePlainText
                );
            }
        }
    }
    catch (Exception exception)
    {
        return GetUnauthorizedResponse(exception.ToString());
    }
}

This removed some distracting clutter and lets the reader focus better on the actual functionality of the method.

StackExchange Code Review Q#79496, answer score: 10