Bottom Line: I need to get a custom (NOT and ArcGIS) token from the WAB app to my proxy server along with each http call from the WAB app which accesses secure resources.
I'm using a WAB (for developers) app to call a .NET proxy server which, in turn, has my secret. I have a custom security setup (not oauth or LDAP etc.). I need to get the user's custom token (not an ArcGIS token) from the WAB in javascript to the proxy server. Then I need to check it there (via my own custom scheme) and only allow the request to proceed is the token is valid. I'm not that familiar with the WAB project structure so I'm quite confused on even where to start.
What I would really like to do is add a custom "Authorization" http header to every call that flows through esriRequest (which looks like the key function that does most of the getting of things.) But I don't really see how I can do that. I suppose that I can hijack something else to get my token to the server... but not really sure where to start. Or maybe there is a totally different way to tackle this problem. But I cannot have the user directly sign on to ArcGIS or use AD or use OAuth.
One option might be to somehow make a call to the proxy server at startup and add an http only cookie with the token. Not ideal but it might work.
