I have a Blazor project which depends on an external API. When I login into my website I make an API call to get a session token, then I store this token into a claim.
This token must be send in any call as a cookie. For this, since I'm trying to use HttpClient, I use Header Propagation as seen here.
So my builder has a service like this:
services.AddHttpClient<ServiceClient>(client =>
{
client.BaseAddress = new Uri(url);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
})
.ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler()
{
ClientCertificateOptions = ClientCertificateOption.Manual,
ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, cetChain, policyErrors) => { return true; },
})
.AddHeaderPropagation(options =>
{
options.Headers.Add("Cookie");
});
services.AddHeaderPropagation(options =>
options.Headers.Add("Cookie", context =>
{
var identity = context.HttpContext.User.Identities.FirstOrDefault(x => x.AuthenticationType == "AppAuthenticationType");
if (identity?.IsAuthenticated ?? false)
return $"SESSION={identity.GetSession()}";
return String.Empty;
}));
Then I add app.UseHeaderPropagation(); after app.UseAuthentication(); and app.UseAuthorization(); to get it to work.
The problem I have is when I first open my website, I'm not logged in so my claims are not set yet. When I log-in, I set my claims so I can get my session token, but the service is already done so my token is not been at all.
How can I force this header propagation to be resolved for every call?
