Home > front end >  C# HttpClient cannot send authorization header to ASP.NET Core Web API
C# HttpClient cannot send authorization header to ASP.NET Core Web API

Time:08-05

I am trying to use C# HttpClient from ASP.NET MVC to make a request to an API. My API is running on .NET 6.0.

httpClient.BaseAddress = new Uri(_url);
httpClient.DefaultRequestHeaders.Clear();
httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue($"Bearer", $"{token}");
var serialized = new StringContent(JsonConvert.SerializeObject(request), Encoding.UTF8, "application/json");
var httpResponseMessage = await httpClient.PutAsync(urlToSend, serialized);

Here is my code. I tried all the possibilities I saw on google. But when sending request, I can't send Authorization header.

I can send it with Postman.

Here is my API code:

    [AllowAnonymous]
    [Consumes("application/json")]
    [Produces("application/json", "text/plain")]
    [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(IResult))]
    [ProducesResponseType(StatusCodes.Status400BadRequest, Type = typeof(IResult))]
    [HttpPut("changeuserpassword")]
    public async Task<IActionResult> ChangeUserPassword([FromBody] ChangePasswordCommand changePasswordCommand)
    {
        var accessToken = Request.Headers[HeaderNames.Authorization];
        return GetResponseOnlyResult(await Mediator.Send(changePasswordCommand));
    }

CodePudding user response:

I'm not sure but maybe the [AllowAnonymous]attribute remove the Authorization header from request just because it does not make sense if no authorization is needed. Have you checked if the sent request contains the header using a tool like fiddler ?

CodePudding user response:

Please review this link. Allow Anonymous will ignore the authentication header

https://github.com/dotnet/aspnetcore/issues/30546

  • Related