I have an app that uses SiteMinder for authorization. Currently how it works is that when users want to reach the landing page of the app, they're sent to the company user-password page and once they're authenticated by SiteMinder, they can visit the app. After they're authenticated, the user info will be in the HTTP header. In order to get the user info, I need to access the HTTP header and get the LDAP record.
I am pretty sure that the HTTP header has the user info along with the cookie. The problem is that my controller doesn't get the user info in the header. But I am able to get other header values such as Date, Agent, Referer, Host, etc.
Here is my controller code:
    [HttpGet]
    public async Task<IEnumerable<UserForDisplayDto>> GetAllUsers()
    {
        var headerValue = Request.Headers["HTTP_JHED_uid"];
        var person = headerValue.ToString();
        var user = await repository.GetAllJhedUsers(person);
        return mapper.Map<IEnumerable<User>, IEnumerable<UserForDisplayDto>>(user);
    }
In this case, HTTP_JHED_uid is the user id that I need to get from the header.
Basically, I am trying to get user id, then I pass this user id to my local database and get this user based on their user id.
Also here is my repository class that I use to get the user from my local database.
    public async Task<IEnumerable<User>> GetAllJhedUsers(string id, bool includeRelated = true)
    {
        if (!includeRelated)
            return await context.Users.Where(x => x.JHED_ID == id).ToListAsync();
        return await context.Users
            .Where(x => x.JHED_ID == id).ToListAsync();
    }
I am not sure what I am missing. There is not a lot of documentation for this. Any help is appreciated!
What I have tried:
I use middleware and cookie-based authentication.
I also hardcoded my user id. I am able to get user info from my local db in this case. So most likely, the problem is with my controller.
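
Added example, not part of the original post: in ASP.NET Core, `Request.Headers` is keyed by the header name exactly as it was sent, while the `HTTP_` prefix is the server-variable spelling from classic ASP.NET and CGI, so the controller's lookup only matches a header literally named `HTTP_JHED_uid`. The middleware below logs the header names that actually arrive and rejects requests without a user id instead of querying the database with an empty string. The candidate names `JHED_uid` and `JHED-uid` and the `JhedUserId` items key are assumptions, not values confirmed by the post.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Added example, not the poster's code. Registered with
// app.UseMiddleware<SiteMinderUserMiddleware>() ahead of the controllers.
public class SiteMinderUserMiddleware
{
    // Assumed candidate names; confirm against the names this middleware logs.
    private static readonly string[] Candidates = { "HTTP_JHED_uid", "JHED_uid", "JHED-uid" };
    public const string ItemKey = "JhedUserId"; // hypothetical HttpContext.Items key

    private readonly RequestDelegate next;
    private readonly ILogger<SiteMinderUserMiddleware> logger;

    public SiteMinderUserMiddleware(RequestDelegate next, ILogger<SiteMinderUserMiddleware> logger)
    {
        this.next = next;
        this.logger = logger;
    }

    // True when one candidate header carries a non-empty value.
    public static bool TryFindUserId(IHeaderDictionary headers, out string userId)
    {
        foreach (var name in Candidates)
        {
            if (headers.TryGetValue(name, out var value) && !string.IsNullOrWhiteSpace(value))
            {
                userId = value.ToString().Trim();
                return true;
            }
        }
        userId = string.Empty;
        return false;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        if (!TryFindUserId(context.Request.Headers, out var userId))
        {
            // Log header names only, so cookies and session tokens stay out of the log.
            var names = string.Join(", ", context.Request.Headers.Keys.OrderBy(k => k));
            logger.LogWarning("No user id header on {Path}; received: {Names}", context.Request.Path, names);
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return;
        }
        context.Items[ItemKey] = userId;
        await next(context);
    }
}
```

A header-supplied identity is only trustworthy when the app can be reached solely through the SiteMinder agent; if the app is reachable directly, any client can set the same header itself.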