Forward Authorization header to remote instances

jasontaylordev · jasontaylordev · commit 57176d84239f · 2026-01-27T16:24:35.000+10:00
diff --git a/src/ServiceControl/Connection/RemotePlatformConnectionDetailsProvider.cs b/src/ServiceControl/Connection/RemotePlatformConnectionDetailsProvider.cs
@@ -5,24 +5,40 @@
     using System.Net.Http;
     using System.Text.Json;
     using System.Threading.Tasks;
+    using Microsoft.AspNetCore.Http;
     using Microsoft.Extensions.Logging;
     using ServiceBus.Management.Infrastructure.Settings;
 
-    class RemotePlatformConnectionDetailsProvider(Settings settings, IHttpClientFactory clientFactory, ILogger<RemotePlatformConnectionDetailsProvider> logger)
+    class RemotePlatformConnectionDetailsProvider(Settings settings, IHttpClientFactory clientFactory, IHttpContextAccessor httpContextAccessor, ILogger<RemotePlatformConnectionDetailsProvider> logger)
         : IProvidePlatformConnectionDetails
     {
-        public Task ProvideConnectionDetails(PlatformConnectionDetails connection) =>
-            Task.WhenAll(
+        public Task ProvideConnectionDetails(PlatformConnectionDetails connection)
+        {
+            var authorizationHeader = httpContextAccessor.HttpContext?.Request.Headers.Authorization.ToString();
+
+            return Task.WhenAll(
                 settings.RemoteInstances
-                    .Select(remote => UpdateFromRemote(remote, connection))
+                    .Select(remote => UpdateFromRemote(remote, connection, authorizationHeader))
             );
+        }
 
-        async Task UpdateFromRemote(RemoteInstanceSetting remote, PlatformConnectionDetails connection)
+        async Task UpdateFromRemote(RemoteInstanceSetting remote, PlatformConnectionDetails connection, string authorizationHeader)
         {
             var client = clientFactory.CreateClient(remote.InstanceId);
             try
             {
-                await using var stream = await client.GetStreamAsync("/api/connection");
+                var request = new HttpRequestMessage(HttpMethod.Get, "/api/connection");
+                var hasAuth = !string.IsNullOrEmpty(authorizationHeader);
+
+                if (hasAuth)
+                {
+                    request.Headers.TryAddWithoutValidation("Authorization", authorizationHeader);
+                }
+
+                var response = await client.SendAsync(request);
+                response.EnsureSuccessStatusCode();
+
+                await using var stream = await response.Content.ReadAsStreamAsync();
                 var document = await JsonDocument.ParseAsync(stream);
                 foreach (var property in document.RootElement.EnumerateObject())
                 {
