Click here to Skip to main content
14,693,741 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I have an app that uses SiteMinder for the authorization. Currently how it works is that when users want to reach the landing page of the app, they're sent to the company user-password page and once they're authenticated by SiteMinder, they can visit the app. After they're authenticated, the user info will be in the HTTP header. In order to get the user info, I need to access the HTTP header and get LDAP record.

I am pretty sure that http header has the user info along with cookie. The problem is that my controller doesn't get user info in the header. But I am able to get other header values such as Date, Agent, Referer, host etc.

Here is my controller code:
[HttpGet]
public async Task<IEnumerable<UserForDisplayDto>> GetAllUsers()
{
    var headerValue = Request.Headers["HTTP_JHED_uid"];
    var person = headerValue.ToString();
    var user = await repository.GetAllJhedUsers(person);
    return mapper.Map<IEnumerable<User>, IEnumerable<UserForDisplayDto>>(user);
}


In this case HTTP_JHED_uid is the user id that I need to get from the header.
Basically, I am trying to get user id, then I pass this user id to my local database and get this user based on their user id.

Also here is my repository class that I use to get the user from my local database.


public async Task<IEnumerable<User>> GetAllJhedUsers(string id, bool includeRelated = true)
 {
     if(!includeRelated)
         return await context.Users.Where(x => x.JHED_ID == id).ToListAsync();

     return await context.Users
         .Where(x => x.JHED_ID == id).ToListAsync();
 }


I am not sure What I am missing. There is not a lot of documentation for this. Any help is appreciated!

What I have tried:

I use middleware and cookie-based authentication.
I also hardcoded my user id. I am able to get user info from my local db in this case. So most likely, the problem is with my controller.
Posted
Comments
F-ES Sitecore 4-Apr-18 10:28am
   
Have you used a tool like fiddler or wireshark to verify that header actually exists in the request? I mean actually verified and seen with your own eyes, not just assumed.
fatihkaratay 4-Apr-18 10:40am
   
Wireshark has no HTTP header like that. My controller returns bad request because the code can't find the header. However, I can see the HTTP_JHED_UID in the log files of SiteMinder. By the way, on my chrome developer tool, I have only cookie header with the cookie that comes from SiteMinder. But the documents say the user info is in the HTTP header. I am confused.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900