Has anyone had any experience reading the Http header and cookies associated with the HTTP requests made to ArcGIS? We have a custom security model that embeds a user specific token (non ArcGIS token) in each HTTP request made from our web app.
I'd like to see if there something available in the ArcObjects functionality that would allow us to extract this data.
thoughts?
Wireshark, although, Fiddler generally will output what you need. You'll need to install your domain root cert in either app in order to see the requests, though
Ah, let me clarify. I'm trying to do this programmatically within the SOI code.
I want to accept the incoming request, parse the body (like all the examples show) as well as any http headers/cookies that might be carried along the way.
you cannot access httpcontext but peraphs 'requestProperties' should return headers request (I have tried a scratch code but requestProperties always is empty ... ) similarly responseProperties that it is however in out
Workaround: you pass from a proxy
Hmm ok, I'm interested in examining headers and cookies that get sent to the handler which would identify sourcing domains and users.
Headers like "X-Forwarded-For" and "X-Forwarded-Host" would be useful when constructing resource urls for clients.
We also have this requirement, specifically for http headers and would like to know if it is possible.
Thanks!
Hi Alex,
I had a similar problem.
In a SOI you can't get access to the underlying request, so passing the user per Cookie or something like this will not work.
But i found another way of bypassing my user to my soi.
My Solutions creates the webApp config on the fly which contains the service addresses etc., when the user logs into my Solution.
What I did to identify the user in my SOI is to add the services in the Javascript with an initial parameter, something like this "https://[domain]/arcgis/rest/services/MyService/MapsServer?user=D5FE90AA-2A31-4EF1-9A72-883BD1F21638".
Now when a user makes request to my service, I can read the "user" property in the SOI from the "operationInput" object in the HandleRESTRequest Method.
With this parameter I can then identify the calling user and do my business logic depending on the caller.
I hope this helps.
best regards
Sebastian
Great idea! I can create a new parameter set on the client side that identifies any potential reverse proxy in the request chain.
Thanks!