topic Adding Header / Custom Token to Http Requests in ArcGIS Web AppBuilder Questions https://community.esri.com/t5/arcgis-web-appbuilder-questions/adding-header-custom-token-to-http-requests/m-p/292106#M7813 <HTML><HEAD></HEAD><BODY><P>Bottom Line: I need to get a custom (NOT and ArcGIS) token from the WAB app to my proxy server along with each &nbsp;http call from the WAB app which accesses secure resources.</P><P></P><P>I'm using&nbsp;a WAB (for developers) app to call a .NET proxy server which, in turn, has my secret. &nbsp;I have a custom security setup (not oauth or LDAP etc.). &nbsp;I need to get the user's custom token (not an ArcGIS token) from the WAB in javascript to the proxy server. &nbsp;Then I need to check it there (via my own custom scheme) and only allow the request to proceed is the token is valid. &nbsp;I'm not that familiar with the WAB project structure so I'm quite confused on even where to start. &nbsp;</P><P></P><P>What I would really like to do is add a custom "Authorization" http header to every call that flows through&nbsp;esriRequest (which looks like the key function that does most of the getting of things.) &nbsp;But I don't really&nbsp;see how I can do that. &nbsp;I suppose that I can hijack something else to get my token to the server... but not really sure where to start. &nbsp;Or maybe there is a totally different way to tackle this problem. &nbsp;But I cannot have the user directly sign on to ArcGIS or use AD or use OAuth.</P><P></P><P>One option might be to somehow make a call to the proxy server at startup and add an http only cookie with the token. &nbsp;Not ideal but it might work.</P></BODY></HTML> Fri, 05 May 2017 17:27:48 GMT ChristopherMoyes 2017-05-05T17:27:48Z Adding Header / Custom Token to Http Requests https://community.esri.com/t5/arcgis-web-appbuilder-questions/adding-header-custom-token-to-http-requests/m-p/292106#M7813 <HTML><HEAD></HEAD><BODY><P>Bottom Line: I need to get a custom (NOT and ArcGIS) token from the WAB app to my proxy server along with each &nbsp;http call from the WAB app which accesses secure resources.</P><P></P><P>I'm using&nbsp;a WAB (for developers) app to call a .NET proxy server which, in turn, has my secret. &nbsp;I have a custom security setup (not oauth or LDAP etc.). &nbsp;I need to get the user's custom token (not an ArcGIS token) from the WAB in javascript to the proxy server. &nbsp;Then I need to check it there (via my own custom scheme) and only allow the request to proceed is the token is valid. &nbsp;I'm not that familiar with the WAB project structure so I'm quite confused on even where to start. &nbsp;</P><P></P><P>What I would really like to do is add a custom "Authorization" http header to every call that flows through&nbsp;esriRequest (which looks like the key function that does most of the getting of things.) &nbsp;But I don't really&nbsp;see how I can do that. &nbsp;I suppose that I can hijack something else to get my token to the server... but not really sure where to start. &nbsp;Or maybe there is a totally different way to tackle this problem. &nbsp;But I cannot have the user directly sign on to ArcGIS or use AD or use OAuth.</P><P></P><P>One option might be to somehow make a call to the proxy server at startup and add an http only cookie with the token. &nbsp;Not ideal but it might work.</P></BODY></HTML> Fri, 05 May 2017 17:27:48 GMT https://community.esri.com/t5/arcgis-web-appbuilder-questions/adding-header-custom-token-to-http-requests/m-p/292106#M7813 ChristopherMoyes 2017-05-05T17:27:48Z