0

We have a mvc website embeded into an angular application using iframe. This used to work fine as both of these applications are hosted in same domain and works on cookie based authentication mechanism.

But we recently needed to change authentication mechanism to Open Id connect (using .net open source identity provider). Since this system expected to work authorization token to be placed in header, this iframe loading mechanism ia failing.

Any good suggestions on how to load this site into iframe but still pass auth header. And also once i frame gets loaded internally mvc website also needed to make some service calls which inturn needed to pass authorization header.

Please let me know if there is a better and cleaner approach for this problem.

hashbytes
  • 769
  • 1
  • 8
  • 26
  • What idp you are using, some IDP does not allow iframe loading. X-Frame-Deny option is enabled. – Sohan May 29 '18 at 07:31
  • Also is this a iframe timeout error? Mention the details. – Sohan May 29 '18 at 07:34
  • This is nothing to do with idp related iframes. This is my own all that goes into iframe, there is no time out error – hashbytes May 29 '18 at 11:22
  • I would ask for more detials and exactly what are you trying to do.. – Sohan May 29 '18 at 13:52
  • @Sohan I appreciate your time in responding to my question. I was not sure what information is needed here, As I have clearly mentioned that I need to pass Authorization header to a iframe website. This is the IdentityServer I am using https://identityserver.io/ Ui library -- https://github.com/IdentityModel/oidc-client-js – hashbytes May 29 '18 at 14:36
  • Do we get any specific exception in browser when loading the site? – Sohan May 30 '18 at 07:56
  • I am getting same exception 401, as the auth header is not being passed to a secured endpoint – hashbytes May 30 '18 at 11:35
  • What authentication flow of openid connect you are using (implicit/authoriation or hybrid)? – Sohan May 31 '18 at 10:20
  • OpenId does support only Implicit flow for JS clients – hashbytes Jun 01 '18 at 00:10

0 Answers0