Satheesh:
I am trying to provide extra/custom authentication to an MS Bot Framework project using OWIN, other than the default authentication from MS using app id/pwd. Yes, the Bot is in fact an API, so I tagged Web API too. I added an OWIN startup class and provided middleware to perform an OAuth 2 implementation to validate the JWT.
As MS Bot Direct Line calls have a default Bearer token to be passed as the Authorization header key, I have given a custom provider to accept the JWT from Bot state. Please note my bot is surfaced in a web app which will generate an auth token which will be set in Bot state against a unique user id, so I need this user id value to retrieve the token from Bot state. So the best possible way I can think of is to intercept all ajax calls from my Webchat Bot control to add a custom header, "x-user-id", which I will read from the request header in my OWIN middleware.
But it is not succeeding, as in OWIN I am not getting the header value that I am passing in the ajax calls. But when I checked in Chrome, this header is being sent. I am confused about what the issue could be.
Ajax Interceptor
    if (window.XMLHttpRequest && !(window.ActiveXObject)) {
        (function (send) {
            XMLHttpRequest.prototype.send = function (data) {
                this.setRequestHeader('x-user-id', '123456789');
                send.call(this, data);
            };
        })(XMLHttpRequest.prototype.send);
    }
AppBuilder Configuration
    public void Configuration(IAppBuilder app)
    {
        var policy = new CorsPolicy()
        {
            AllowAnyHeader = true,
            AllowAnyMethod = true,
            AllowAnyOrigin = true,
            SupportsCredentials = true
        };
        policy.ExposedHeaders.Add("x-user-id");
        app.UseCors(new CorsOptions()
        {
            PolicyProvider = new CorsPolicyProvider
            {
                PolicyResolver = context => Task.FromResult(policy)
            }
        });
        app.Map("/api", ctx =>
        {
            ctx.UseEsoAccessTokenValidation(new EsoAccessTokenOptions
            {
                AccessTokenKey = "AccessToken",
                ChannelId = "webchat",
                Scopes = new string[] { "read", "write" }
            });
            ctx.UseWebApi(WebApiConfig.Register());
        });
    }
Code to Read Header:
    private static async Task GetAccessToken(OAuthRequestTokenContext context, EsoAccessTokenOptions options)
    {
        string accesstoken = string.Empty;
        var request = context.Request;
        if (request.Headers.ContainsKey("x-access-token"))
        {
            accesstoken = request.Headers["x-access-token"];
        }
    }
Chrome Network Screenshot
Please help me understand what I am doing wrong here?
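A narrower form of the interceptor in the question, as an added example that is not part of the original post: it records the target origin in open() and attaches x-user-id only for allow-listed origins, so the identifier is not sent with every XHR the page makes. The name installUserIdHeader, the example.test origins and the FakeXHR stand-in are assumptions made for the example.

```javascript
// Added example: scope the custom header to allow-listed origins.
// installUserIdHeader and all origins used here are hypothetical.
function installUserIdHeader(XHR, allowedOrigins, pageOrigin, getUserId) {
  const origOpen = XHR.prototype.open;
  const origSend = XHR.prototype.send;

  // send() never sees the URL, so record the target origin in open().
  XHR.prototype.open = function (method, url, ...rest) {
    this._targetOrigin = new URL(url, pageOrigin).origin;
    return origOpen.call(this, method, url, ...rest);
  };

  XHR.prototype.send = function (data) {
    // Only allow-listed origins receive the identifier; other requests go
    // out unchanged (no identifier leak, no extra CORS preflight).
    if (allowedOrigins.includes(this._targetOrigin)) {
      this.setRequestHeader('x-user-id', getUserId());
    }
    return origSend.call(this, data);
  };
}

function demo() {
  // Minimal stand-in for XMLHttpRequest so this runs outside a browser.
  class FakeXHR {
    constructor() { this.headers = {}; }
    open(method, url) { this.method = method; this.url = url; }
    setRequestHeader(name, value) { this.headers[name.toLowerCase()] = value; }
    send(data) { this.sent = true; }
  }
  installUserIdHeader(FakeXHR, ['https://bot.example.test'],
    'https://app.example.test', () => '123456789'); // constructed values

  const toBot = new FakeXHR();          // allow-listed API
  toBot.open('POST', 'https://bot.example.test/api/messages');
  toBot.send('{}');
  const toOther = new FakeXHR();        // third-party origin
  toOther.open('GET', 'https://cdn.example.test/lib.js');
  toOther.send();
  const relative = new FakeXHR();       // same-origin relative URL
  relative.open('GET', '/status');
  relative.send();
  return { toBot: toBot.headers, toOther: toOther.headers, relative: relative.headers };
}

console.log(demo());
```

The header value is set by script running in the page, so the server side should treat x-user-id as untrusted input.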