HttpClient not accepting Authorization headers (401 Unauthorized)?

Asked 28/6, 2018 at 6:56 Answered 28/10 at 6:41

I am creating a Xamarin.Forms mobile app that targets Android with .NET Standard as my code sharing method. Unfortunately the API I'm consuming works in Postman but doesn't work in C# using HttpClient from System.Net.Http.

Postman request works using this header:

I have tried 3 different approaches but they all still return "401 unauthorized". I've also checked the INTERNET permission in my Android Manifest file.

HttpClient.DefaultRequestHeaders.Add("Authorization", "Token e2eeb1aa9f32eb0ekgn353b6fadb772");
HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Token", "e2eeb1aa9f32eb0ekgn353b6fadb772");
HttpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", "Token e2eeb1aa9f32eb0ekgn353b6fadb772");

Adenoidectomy answered 28/6, 2018 at 6:56 Comment(5)

Try to add a call to HttpClient.DefaultRequestHeaders.Clear(); to make sure there aren't any other headers in there. – Unlace 28/6, 2018 at 7:11

I have tried that as well to no avail. – Adenoidectomy 28/6, 2018 at 7:19

Also, "Token" seems strange. Normally this is "Bearer"? – Unlace 28/6, 2018 at 7:27

Yes normally it is Bearer but when I use Bearer it throws me an error. It only works (in Postman) by using Authorization: Token <Space> <Token Value> as the header. – Adenoidectomy 28/6, 2018 at 7:35

Did the solution in my answer work? – Sassoon 29/6, 2018 at 7:46

Try setting the header on the HttpRequestMessage:

request.Headers.Authorization = new 
    AuthenticationHeaderValue("Bearer","e2eeb1aa9f32eb0ekgn353b6fadb772");

Fronnia answered 28/6, 2018 at 7:31 Comment(1)

This answer helped me today. I was setting authorization header on client.DefaultRequestHeaders level earlier which was not working. – Blob 15/10, 2019 at 6:48

Please make sure your HTTP request URL is correct or not. Sometimes you may need a trailing forwardslash ( '/' ). If you missed it in HTTP client, will not work but POSTMAN will .

Spacesuit answered 2/10, 2018 at 9:25 Comment(3)

yep, because of that missing backslash I waste 1 hour of researching the 401 error message.............. – Avocation 4/2, 2020 at 13:48

Postman also is lenient with http vs https - in my case, C# needed to be using https. – Thick 13/1, 2022 at 19:36

think there is a typo in answer. backslash is this one - ' \ ' – Confect 28/11, 2022 at 15:39

Try setting the header on the HttpRequestMessage:

request.Headers.Authorization = new 
    AuthenticationHeaderValue("Bearer","e2eeb1aa9f32eb0ekgn353b6fadb772");

Fronnia answered 28/6, 2018 at 7:31 Comment(1)

This answer helped me today. I was setting authorization header on client.DefaultRequestHeaders level earlier which was not working. – Blob 15/10, 2019 at 6:48

In my case, was fixed when I set the basic authentication in the AuthenticationHeaderValue.

var authToken = Encoding.ASCII.GetBytes(_UserName + ":" + _Password);
client.DefaultRequestHeaders.Authorization= new AunthenticationHeaderValue("Basic", Convert.ToBase64String(authToken));

Lobe answered 9/8, 2020 at 0:44 Comment(0)

The url I was calling was "http" and the server redirects it to https. Apparently this drops the headers. Didnt happen through postman !!

Solution: use httpS

Trimble answered 28/10 at 6:41 Comment(1)

This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post. You can setup server to not redirect to https, so your solution is irrelevant. – Sassaby 31/10 at 2:18

Recommended topics

Hot tags