SOI - Tapping into Http Headers and Cookies

1682
7
09-15-2017 12:04 PM
AlexThomas1
New Contributor II

Has anyone had any experience reading the Http header and cookies associated with the HTTP requests made to ArcGIS?  We have a custom security model that embeds a user specific token (non ArcGIS token) in each HTTP request made from our web app.

I'd like to see if there something available in the ArcObjects functionality that would allow us to extract this data.

thoughts?

7 Replies
ThomasColson
MVP Frequent Contributor

Wireshark, although, Fiddler generally will output what you need. You'll need to install your domain root cert in either app in order to see the requests, though

0 Kudos
AlexThomas1
New Contributor II

Ah, let me clarify.   I'm trying to do this programmatically within the SOI code.

 I want to accept the incoming request, parse the body (like all the examples show) as well as any http headers/cookies that might be carried along the way.

nicogis
MVP Frequent Contributor

you cannot access httpcontext but peraphs 'requestProperties' should return headers request (I have tried a scratch code but requestProperties always is empty  ... ) similarly responseProperties that it is however in out

Workaround: you pass from a proxy   

0 Kudos
AlexThomas1
New Contributor II

Hmm ok, I'm interested in examining headers and cookies that get sent to the handler which would identify sourcing domains and users.

Headers like "X-Forwarded-For" and "X-Forwarded-Host" would be useful when constructing resource urls for clients.

Using a reverse proxy server with ArcGIS Server—ArcGIS Server Administration (Linux) | ArcGIS Enterp... 

0 Kudos
JTessier
Occasional Contributor II

We also have this requirement, specifically for http headers and would like to know if it is possible.

Thanks!

0 Kudos
SebastianBosbach
New Contributor III

Hi Alex,

I had a similar problem.

In a SOI you can't get access to the underlying request, so passing the user per Cookie or something like this will not work.

But i found another way of bypassing my user to my soi.

My Solutions creates the webApp config on the fly which contains the service addresses etc., when the user logs into my Solution.

What I did to identify the user in my SOI is to add the services in the Javascript with an initial parameter, something like this "https://[domain]/arcgis/rest/services/MyService/MapsServer?user=D5FE90AA-2A31-4EF1-9A72-883BD1F21638".

Now when a user makes request to my service, I can read the "user" property in the SOI from the "operationInput" object in the HandleRESTRequest Method.

With this parameter I can then identify the calling user and do my business logic depending on the caller.

I hope this helps.

best regards 

Sebastian

AlexThomas1
New Contributor II

Great idea!  I can create a new parameter set on the client side that identifies any potential reverse proxy in the request chain.

Thanks!

0 Kudos