Satheesh:

I am trying to provide extra/custom authentication to MS Bot-framework project using Owin other than default authentication from MS using app id/pwd. Yes the Bot is in-fact an api i tagged Webapi too. I added OWIN startup class and provided middleware to perform OAUTH-2 implementation to validate JWT.

As MS Bot directline calls have a default Bearer token to be passed as Authorization Header key,i given custom provider to accept JWT from Bot state. Please note my bot is surfaced in a Web app which will generate a auth token which will be setted in Bot state against unique user id, so i am in need of this user id value to retrieve the token from Bot state. So the best possible way i can think of is to intercept all ajax calls from my Webchat Bot control to add a custom header as "x-user-id", which i will read from my owin middleware request header.

But it was not succeeding as i am not getting the header value in OWIN, which i am passing in ajax calls. But when i checked in Chrome, this header is being sent. I am confused on what could be the issue.

Ajax Interceptor

if (window.XMLHttpRequest && !(window.ActiveXObject)) {
        (function (send) {               
            XMLHttpRequest.prototype.send = function (data) {
                this.setRequestHeader('x-user-id', '123456789');
                send.call(this, data);
            };

        })(XMLHttpRequest.prototype.send);
    }

AppBuilder Configuration

public void Configuration(IAppBuilder app)
    {
        var policy = new CorsPolicy()
        {
            AllowAnyHeader = true,
            AllowAnyMethod = true,
            AllowAnyOrigin = true,
            SupportsCredentials = true
        };
        policy.ExposedHeaders.Add("x-user-id");
        app.UseCors(new CorsOptions()
        {
            PolicyProvider = new CorsPolicyProvider
            {
                PolicyResolver = context => Task.FromResult(policy)
            }
        });
        app.Map("/api", ctx =>
        {
            ctx.UseEsoAccessTokenValidation(new EsoAccessTokenOptions
            {
                AccessTokenKey = "AccessToken",
                ChannelId = "webchat",
                Scopes = new string[] { "read", "write" }
            });

            ctx.UseWebApi(WebApiConfig.Register());
        });
    }

Code to Read Header:

private static async Task GetAccessToken(OAuthRequestTokenContext context, EsoAccessTokenOptions options)
        {
            string accesstoken = string.Empty;
            var request = context.Request;
            if (request.Headers.ContainsKey("x-access-token"))
            {
                accesstoken = request.Headers["x-access-token"];
            }
       }

Chrome Network Screenshot

Please help me understand what i am doing wrong here?