
I am having an issue wherein I cannot seem to pass a header when I’m redirecting a user to another page. The said page requires a Bearer token to be able to access the page, however, the Redirect method only accepts the URL as a parameter.

    public ActionResult Index()
    {       
        string URL = "www.example.com";
        //write a method that redirects to a page passing a bearer token
        //response is a JSON object containing an access token from a token server

        AccessTokenModel atm = new AccessTokenModel();
        atm = Newtonsoft.Json.JsonConvert.DeserializeObject<AccessTokenModel>(response);

       //this is where I'm stuck as the Redirect parameter only accepts a URL string as parameter
        return Redirect(URL, new Request (Headers.Add("Authorization", "Bearer " + atm.access_token))); 
    }

2 Answers


  1. There are two ways to do this:
    1- Using route parameters for the url you are redirecting. But this is not a secure way as users will see bearer tokens in the URL.
    2- You can create a view containing an HTML form element with a hidden field holding the value of the bearer token, then return the view from the action. In the view, you can automatically submit the form by using simple JavaScript code in the document.ready() event handler. The destination page has to read the data posted to it so that it can read and parse the token.
    3- If the URL you are redirecting to is on the same authentication and authorization subsystem, e.g. an SSO (Single Sign-On), you should redirect the page to the SSO, specifying the return URL after authentication. So, it will automatically authenticate and redirect the user to the destination URL with the authentication and authorization data required by the destination.

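    For #2:

    <!-- method="post" keeps the token in the request body; a form without it submits via GET and puts the token in the URL -->
    <form id="myForm" method="post" action="YOUR_EXTERNAL_URL" enctype="application/x-www-form-urlencoded">
        <input type="hidden" name="bearerToken" value="@ViewBag.BEARER_TOKEN" />
    </form>

    <script>
        // Requires jQuery; submits the form as soon as the DOM is ready
        $(document).ready(function () {
            $('#myForm').submit();
        });
    </script>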
    
  2. The said page requires a Bearer token to be able to access the page,
    however, the Redirect method only accepts the URL as a parameter.

    Well, apart from the above process, which has been shown by another contributor, first of all we should have a look at what your external page's request format looks like. What I mean is, it would be nicer if you could share how your external page request accepts the parameters or request header.

    For example, if it allows an explicit HttpClient request, then we can send an HttpClient request along with the required headers.

    You can try the following:

     // Requires: using System.Net.Http; using System.Net.Http.Headers; using Newtonsoft.Json;
     HttpClient _client = new HttpClient();
     // HttpClient needs an absolute URI (scheme included) when no BaseAddress is set
     var endpoint = "https://www.example.com";
     using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, endpoint))
     {
         // Extract the access token; "response" is the JSON string from the token server, as in the question
         AccessTokenModel atm = JsonConvert.DeserializeObject<AccessTokenModel>(response);
         // Pass the token for this request only
         requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", atm.access_token);
         // Named apiResponse so it does not clash with the token-server "response" string
         HttpResponseMessage apiResponse = await _client.SendAsync(requestMessage);
         // Read the response from the API
         dynamic result = JsonConvert.DeserializeObject<dynamic>(await apiResponse.Content.ReadAsStringAsync());
     }
    

    Note: We can try this way if the endpoint allows us to send an HTTP request explicitly. Make sure of the HTTP verb as well.

    Another additional way you could consider is IIS custom request headers. This kind of header can also be configured using the IIS server. I would recommend you check this official document for more details.

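The server-side half of option 2 from the first answer, as an added example that is not part of the original posts: the action that returns the auto-submitting form instead of calling Redirect(), and a receiving action that takes the token from the POST body only. It assumes ASP.NET MVC 5 (System.Web.Mvc) on both sides; `HandoffControllerBase`, the `AutoPost` view name, the `Receive` action and the two abstract helpers are hypothetical names, and the `AccessTokenModel` shape is assumed from the question.

```csharp
using System.Web;
using System.Web.Mvc;
using Newtonsoft.Json;

public class AccessTokenModel { public string access_token { get; set; } } // shape assumed from the question

// Hypothetical base class; a concrete controller supplies the two helpers.
public abstract class HandoffControllerBase : Controller
{
    protected abstract string GetTokenResponse();       // hypothetical: JSON from the token server
    protected abstract bool IsTokenValid(string token); // hypothetical: signature, expiry, audience checks

    // Sending side: render the hidden-field form view (hypothetical name "AutoPost")
    // rather than redirecting. A redirect response cannot make the browser attach
    // an Authorization header to the request that follows it.
    public ActionResult Index()
    {
        string response = GetTokenResponse();
        AccessTokenModel atm = JsonConvert.DeserializeObject<AccessTokenModel>(response);

        // The rendered HTML contains the token, so keep it out of browser and proxy caches.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        ViewBag.BEARER_TOKEN = atm.access_token; // Razor HTML-encodes it in the value attribute
        return View("AutoPost");
    }

    // Receiving side (assumed to be ASP.NET MVC as well): [HttpPost] rejects GET, and
    // Request.Form reads only the body, so a token placed in the query string is ignored.
    [HttpPost]
    public ActionResult Receive()
    {
        string token = Request.Form["bearerToken"]; // field name from the form in answer 1
        if (string.IsNullOrWhiteSpace(token))
        {
            return new HttpStatusCodeResult(400, "Missing bearerToken form field");
        }
        if (!IsTokenValid(token))
        {
            return new HttpStatusCodeResult(401);
        }
        return View();
    }
}
```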