c# - How to call external URL in Asp.NET Core Controller?

Question

I am working on SSO these Days, We have a main application lets call it A, from where user is login and then using SSO User can access multiple applications related to application A.If user is logout from Application A, then user should be logout from all associated application as well and then redirected back to A's login page. The issue where I am stuck there is one application B which is associated with application A. To logout this application (B) we have to hit a url which logs out the application B. Problem is that when I hit this url from browser the application B logout successfully, but when I try to hit the url from code logout is not working. I have tried following solutions but its is not working

1. I have tried to hit url using web request.
2. I have tried Response.Redirect, Redirect, RedirectToAction.
3. It works when i use below code, but i don't want user to see Application B's logout page which currently user view when logout from main application.

I don't want user to see Application B logout page, instead it should see Application A logout page. Is there any way to hit that url so it logouts the application b? below is my code. Some one told me to open this url in hidden i-frame. I don't how to do this in controller. Below is the code

Blockquote

        public IActionResult Logout() {
   
        string urlLogout = "application/logout.action";
         
          var abc = Redirect(urlLogout); //it's is not working

         return Redirect(urlLogout); //it work's fine 

        }

question from:https://stackoverflow.com/questions/65932504/how-to-call-external-url-in-asp-net-core-controller

Answer 1

Use the HttpClient to hit the url.

An example would be the following:

static readonly HttpClient client = new HttpClient();
HttpResponseMessage response = await client.GetAsync("application/logout.action");
response.EnsureSuccessStatusCode();
string responseBody = await response.Content.ReadAsStringAsync();

Bear in mind that you should create the full request. This means that you need to add the headers and cookies to the request.

Example of adding the authorization header (this is for client credentials flow, but you get the gist of it).

client.DefaultRequestHeaders.Authorization 
                         = new AuthenticationHeaderValue("Bearer", "Your Oauth token");

Edit after comment

If the above does not work, it means that the logout page of application B does some actions on the client side.

1. It could be removing the cookies, if information is stored there. This can't be achieved from the application 1 controller as the cookies are accessible per hostname for security reasons.
2. It could be executing an XHR signoff http call. In this case you are in luck as you could identify it from your browser console and execute it from your own c# code

Worst case scenario, you can create a signoff action in the application B that you can call from c# and invalidate the session. When the user tries to access application B with an invalidated session, then return a 401 error and handle appropriatly.