Reputation: 1205
We are using DataZen to visualize some data via dashboards.
We want to use header authentication, but the documentation does not provide any information on which header field to set with the external_auth_key.
Does someone know which header fields to set when using DataZen's header authentication?
Upvotes: 1
Views: 1273
Reputation: 15
I am able to pass the header information through Fiddler and it seems to work, but I can't for the life of me figure out how to pass it through an ASP web application with the referring site in an iframe. I've created this class, but the header just loses this somehow.
    Imports System.Collections
    Imports System.Collections.Specialized
    Imports System.Web

    Public Class CustomHttpModule
        Implements IHttpModule

        Public Sub New()
            ' Class constructor.
        End Sub

        ' Classes that inherit IHttpModule
        ' must implement the Init and Dispose methods.
        Public Sub Init(ByVal app As HttpApplication) Implements IHttpModule.Init
            AddHandler app.BeginRequest, AddressOf app_BeginRequest
        End Sub

        Public Sub Dispose() Implements IHttpModule.Dispose
            ' Add code to clean up the
            ' instance variables of a module.
        End Sub

        Public Sub app_BeginRequest(ByVal o As Object, ByVal ea As EventArgs)
            Dim user As New ArrayList
            Dim headers As NameValueCollection = HttpContext.Current.Request.Headers
            Dim t As Type = headers.GetType()
            ' Request.Headers is read-only: unlock it via reflection, add the header
            ' to the incoming request, then lock the collection again.
            t.InvokeMember("MakeReadWrite", System.Reflection.BindingFlags.InvokeMethod Or System.Reflection.BindingFlags.NonPublic Or System.Reflection.BindingFlags.Instance, Nothing, headers, Nothing)
            t.InvokeMember("InvalidateCachedArrays", System.Reflection.BindingFlags.InvokeMethod Or System.Reflection.BindingFlags.NonPublic Or System.Reflection.BindingFlags.Instance, Nothing, headers, Nothing)
            user.Add("username")
            t.InvokeMember("BaseAdd", System.Reflection.BindingFlags.InvokeMethod Or System.Reflection.BindingFlags.NonPublic Or System.Reflection.BindingFlags.Instance, Nothing, headers, New Object() {"headerkey", user})
            t.InvokeMember("MakeReadOnly", System.Reflection.BindingFlags.InvokeMethod Or System.Reflection.BindingFlags.NonPublic Or System.Reflection.BindingFlags.Instance, Nothing, headers, Nothing)
        End Sub
    End Class
I was also able to do a web request through ASP successfully, but how to do it with an iframe is beyond me.
Upvotes: 0
Reputation: 21
Changed the config of the service:

    <add key="authtype" value="external" />
    <add key="external_auth_type" value="header" />
    <add key="external_auth_key" value="zabr" />

Restarted the service. Created a user in Datazen: zabr. Granted rights to user: zabr.

Changed nginx:

    location / {
        proxy_pass http://tfs10.domain.ru:81/;
        proxy_set_header zabr 'zabr';
    }

Result: it worked!
Upvotes: 2
Reputation: 13286
Quick preface: this feature really shouldn't be used. It isn't documented well because it's almost never the right way to set up the server. You should always heavily consider alternatives, like the default mode (where Datazen handles credentials for you) or, better yet, Active Directory Federation Services.
External Authentication is a relatively unsecure approach, because all faith is placed in the proxy. Unless you absolutely need it and you aren't using Active Directory, it should generally be avoided.
You have to tell Datazen which header or cookie to look for. You can do that through the Control Panel UI.
Note that the "Authentication key" setting is case-sensitive, so I typically suggest sticking to something in all lowercase.
Once you've got that setting set, just go to your proxy (in whatever form you choose to implement that) and set a header with that name, and the 1:1 Datazen username that should be authenticated.
For example, if I'm logged in on the proxy with the above settings, the proxy should make the following request:
    GET /viewer HTTP/1.1
    thisistheheadername: v-mhauge
    ...
After reading that header, Datazen server will respond as if that user was logged in.
Disclaimer: I'm a support engineer with Microsoft, paid to support Datazen.
Upvotes: 2
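Added example, not part of any answer above and not Microsoft's or Datazen's own configuration: because Datazen trusts whatever the proxy puts in the header, the proxy should authenticate each visitor itself and forward that identity, rather than a fixed value that signs every visitor in as the same Datazen user. Hostnames, file paths and the choice of HTTP basic authentication are assumptions; the header name is the one from the request shown in the last answer.

```nginx
# Added example: hostnames, certificate paths and the htpasswd file are
# constructed placeholders, not values from the page.
server {
    listen 443 ssl;
    server_name dashboards.example.com;                 # hypothetical proxy hostname
    ssl_certificate     /etc/nginx/tls/proxy.crt;       # hypothetical path
    ssl_certificate_key /etc/nginx/tls/proxy.key;       # hypothetical path

    location / {
        # Authenticate the visitor at the proxy. Requests without valid
        # credentials get a 401 and are never forwarded to Datazen.
        # Usernames in this file must match Datazen usernames 1:1.
        auth_basic           "Dashboards";
        auth_basic_user_file /etc/nginx/datazen.htpasswd;

        # proxy_set_header replaces any header of the same name sent by the
        # client, so a visitor cannot supply their own value. The name must
        # match the case-sensitive "Authentication key" setting exactly.
        proxy_set_header thisistheheadername $remote_user;

        proxy_pass http://datazen.internal.example:81/;  # hypothetical backend
    }
}
```

The Datazen port itself should accept connections only from the proxy host (firewall or bind address), since any client that can reach it directly can send the header on its own.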