25

I have the following code:

...
AuthenticationHeaderValue authHeaders = new AuthenticationHeaderValue("OAuth2", Contract.AccessToken);
string result = await PostRequest.AuthenticatedGetData(fullUrl, null, authHeaders);
return result; 
...

public static async Task<string> AuthenticatedGetData(string url, FormUrlEncodedContent data, AuthenticationHeaderValue authValue)
{

    HttpClient client = new HttpClient();
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(authValue.Parameter);

    HttpResponseMessage response = await client.PostAsync(new Uri(url), data);

    response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
    response.EnsureSuccessStatusCode();
    string responseBody = await response.Content.ReadAsStringAsync();
    return responseBody;
}

The response = await part just continues an ongoing loop and nothing happens. Any ideas what I am doing wrong?

The question really is, how do I send the following header:

Authorization: OAuth2 ACCESS_TOKEN

to an external web api

Shimmy Weitzhandler
  • 92,920
  • 119
  • 388
  • 596
Jimmyt1988
  • 18,656
  • 34
  • 113
  • 210

5 Answers5

64

I struggled with this. I kept getting an error saying "invalid format" because I have a custom implementation and the Authorization header is validated against certain standards. Adding the header this way however worked:

var http = new HttpClient();
http.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", "key=XXX");
John
  • 3,222
  • 1
  • 34
  • 52
  • While this header may appear weird, it is the format in which Authorization header was required by Google Cloud Messaging Service, which in turn sends messages to Android devices. – Parth Shah Sep 03 '14 at 10:21
  • It took me an hour to get this :(. thank you very much. – Anupam Singh May 06 '15 at 13:31
  • Has anyone tested this in windows 10 yet? It still fails even if you use this bypass method. It's infuriating. – Sinaesthetic Aug 23 '15 at 04:45
  • 1
    Can't think why it would be a problem with windows 10 surely the .net code is the same ? – John Aug 24 '15 at 05:53
  • This did not work for me. Had to resort to the good old HttpWebRequest, which seems to accept the header in Google's format alright. – Exulted Sep 23 '17 at 10:42
27

This line

client.DefaultRequestHeaders.Authorization = 
           new AuthenticationHeaderValue(authValue.Parameter);

Will produce this header value

Authorization: ACCESS_TOKEN

Where ACCESS_TOKEN is the value of authValue.Parameter. You want to assign the value you passed instead to get the required header

client.DefaultRequestHeaders.Authorization = authValue;

Will produce

Authorization: OAuth2 ACCESS_TOKEN
Alaa Masoud
  • 6,922
  • 3
  • 37
  • 55
  • I can now see this working. DefaultRequestHeaders are set as you say. Should I assume that because it is not working, I am not sending the right header stuff through, I had a peak at OAUTH documentation and saw it has a few more values to send... although he api I am working with explicitly says you "need to make future api requests with the above header" – Jimmyt1988 Sep 26 '13 at 22:56
11

Had a similar issue when getting AuthenticationHeaderValue to work with my requests. I was also using JWT JsonWebToken from GitHub. I was able to get a token from the API, but was struggling to use it in other GETs and POSTs.

var jwt = JsonWebToken.Encode(token, APISECRET, JwtHashAlgorithm.HS256);
var tk = GetTokenFromApi(); // basically returns an encrypted string.

Manually using WebRequest: Which worked fine.

request.ContentType = "application/json";
request.Method = "POST";
request.Headers.Set("Authorization", string.Format("Bearer {0}", tk));

When we switched to an HttpClient, and used the AuthenticationHeaderValue, could not figure out how to set it up correctly.After looking at the request string, i saw it added the "Authorization" for me. Played around with parameters, and this finally this worked.

 var authenticationHeaderValue = new AuthenticationHeaderValue("Bearer", tk);
Yogurt The Wise
  • 3,969
  • 4
  • 32
  • 41
2

Maybe intresting for other people. Since I searched on this for a long time. But you have to save your cookies also and give it with your next request. First this is how i got my authentication code and hold my cookies in a static variable (in the first time i call this method I give an empty value to token).

    public static CookieContainer CookieContainer;
    public static async Task<string> Post<TRequest>( TRequest requestBody, string path, string token = "")
    {
        var baseUrl = new Uri($"urlFromApi");
        CookieContainer = new CookieContainer();
        using (var handler = new HttpClientHandler() { CookieContainer = CookieContainer })
            using(var client = new HttpClient(handler){BaseAddress = baseUrl})
        {
            client.DefaultRequestHeaders.ConnectionClose = false;
            if (!string.IsNullOrWhiteSpace(token))
            {
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", $"{token}");
            }
            ServicePointManager.FindServicePoint(client.BaseAddress).ConnectionLeaseTimeout = 60 * 1000; //1 minute            using (var content = new ByteArrayContent(GetByteData(requestBody)))
            using (var content = new ByteArrayContent(GetByteData(requestBody)))
            {
                content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
                var response = await client.PostAsync(String.Empty, content);
                return await GetResponseContent(response);
            }
        }

    }

After this if I do any request to the api I include the cookies (token is what you get from the first response as a result) public static async Task Get(string path, string token = "") {

        var baseUrl = $"https://innoviris-ai.collibra.com/rest/2.0{path}";
        using (var handler = new HttpClientHandler() { CookieContainer = CookieContainer })
        using (var client = new HttpClient(handler) {BaseAddress = new Uri(baseUrl)})
        {
            client.DefaultRequestHeaders.ConnectionClose = false;
            if (!string.IsNullOrWhiteSpace(token))
            {
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", $"{token}");
            }
            ServicePointManager.FindServicePoint(client.BaseAddress).ConnectionLeaseTimeout = 60 * 1000; //1 minute     

            var response = await client.GetAsync(String.Empty);
            return await GetResponseContent(response);
        }
    }
Nico
  • 81
  • 2
1

In your code you are doing this:

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", $"{token}");

I think the following should work the same manner without using string interpolation:

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

This is because the string interpolation is just generating a string with the token in it!

Ajit Menon
  • 11
  • 1