#DrSpotfire Header external authentication

[Aswin Mukundan]

We havecurrently setup the spotfire External authentication method as Header.But we are only able to access the Spotfire dashboards after logging in via web client. We are unable to bypass login screen usingheader method. When we have changedthe method from Header to Cookie we are getting access without going through web client login. Could you please let us know of possible reasons that this might be occuring and any thoughts on the code change (.net) required to gain access via header itself

[Jens Borgland]

It sounds like you are using some sort of portal where users authenticate and that you want to use that identity in Spotfire For requests that you make yourself you can add headers but browsers won't automatically add any (but they will add cookies if set for the domain - so if your portal and the Spotfire Server have a common domain it sounds like cookies might be the best option). A header is typically used when there's a reverse-proxy or such in front of the Spotfire Server that performs the authentication.

Just a word of caution - anyone can set both headers and cookies so you must have something in place that validates that the headers or cookies you are using are in fact valid (you could for example sign them and validate the signature). This could either be done on the Spotfire Server side (in a CustomAuthenticator) or in reverse-proxy or such.