C# Authentication for JIRA Access

Background

Our company has a limited number of JIRA user licenses, but we want all staff members to access our JIRA dashboard for viewing projects and issues. I’m trying to implement a solution where we use a single read-only JIRA account and create a custom authentication system.

Current Progress

I can successfully authenticate using this curl approach:

curl -v -u "[email protected]:token123" -H "Accept: application/json" -H "Content-Type: application/json" --cookie "session.txt" --cookie-jar "session.txt" -d '{"username": "[email protected]","password": "mypassword"}' -X POST "https://ourcompany.atlassian.net/rest/auth/1/session"

This creates authentication tokens in the session file. I can manually use these tokens in the browser console to log in successfully.

C# Implementation Issue

Here’s my current C# code that isn’t working properly:

Uri dashboardUrl = new Uri("https://ourcompany.atlassian.net/secure/Dashboard.jspa");

// Validate employee credentials against Active Directory
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "ourcompany"))
{
    if (context.ValidateCredentials(employeeUser, employeePass))
    {
        var request = (HttpWebRequest)WebRequest.Create(dashboardUrl);
        CookieContainer cookies = new CookieContainer();
        cookies.Add(sessionCookie);
        request.CookieContainer = cookies;
        request.Method = "POST";
        request.ContentType = "application/json";
        request.Accept = "application/json";
        
        var credentials = Convert.ToBase64String(Encoding.Default.GetBytes("[email protected]:token123"));
        request.Headers.Add("Authorization", "Basic " + credentials);
        request.Headers.Add(HttpRequestHeader.Cookie, cookieString);

        var payload = "{\"username\":\"[email protected]\",\"password\":\"mypassword\"}";
        byte[] requestData = Encoding.Default.GetBytes(payload);
        request.ContentLength = requestData.Length;

        Stream requestStream = request.GetRequestStream();
        requestStream.Write(requestData, 0, requestData.Length);
        requestStream.Flush();
        requestStream.Close();
        
        Response.Redirect(jiraInstanceUrl);
    }
}

How can I properly handle the session cookies and redirect the user to JIRA while maintaining the authenticated session?

The issue is you’re creating a session server-side then trying to redirect the user’s browser with those cookies. That won’t work - the session is tied to your server’s HTTP context, not the user’s browser.

I hit this same problem building internal tools. My solution? Set up a reverse proxy with ASP.NET Core middleware. After validating employee credentials against AD, I proxy all JIRA requests through my app and inject the shared account auth headers behind the scenes. The user never talks directly to JIRA - your app becomes the middleman.

This keeps session state on your server while the user’s browser only sees your application. If you’re on .NET Core, check out YARP (Yet Another Reverse Proxy) - it handles most of the request forwarding and header stuff for you.

you’re mixing session auth with basic auth - that won’t work. switch to HttpClient instead of WebRequest, it’s way cleaner. also, you can’t redirect with cookies like that since the browser won’t have them. look into JIRA’s oauth or use their REST API to pull the data and show it in your own interface.

Had the same issue building an Atlassian wrapper. You can’t establish a session server-side and pass it to the browser - the session cookies are tied to your server, not the user’s browser. What worked for me: Use a proxy pattern where your C# app acts as the middleman. Validate employee credentials against AD, then make JIRA API calls from your server using shared account credentials. Render the dashboard data in your own web app. You keep control of auth while showing JIRA data seamlessly. Alternatively, check if your JIRA version supports application links - handles the auth flow much cleaner.