Setting Authorization Header of HttpClient

Asked 31/1, 2013 at 13:52 Answered 21/2, 2022 at 13:21

833

I have an HttpClient that I am using for a REST API. However I am having trouble setting up the Authorization header. I need to set the header to the token I received from doing my OAuth request. I saw some code for .NET that suggests the following,

httpClient.DefaultRequestHeaders.Authorization = new Credential(OAuth.token);

However the Credential class does that not exist in WinRT. Anyone have any ideas how to set the Authorization header?

Theologue answered 31/1, 2013 at 13:52 Comment(6)

What namespace does the Credential class belong to? – Foam 31/1, 2013 at 14:16

@Foam I don't know since it's a .NET namespace that does not exist in WinRT – Theologue 31/1, 2013 at 14:35

Why not request.Headers.Add("Authorization", token); – Mazurka 25/4, 2018 at 11:13

@Mazurka A few years past the original date, but this will give an InvalidOperationException now with a "Headers misused" message. – Banebrudge 2/3, 2021 at 3:16

@NeilMonroe the format? Authorization: Bearer <token> – Mazurka 21/4, 2021 at 10:8

Person who posted this question was not seen on SO for 9 years. Perhaps retired, or deceased. Little chance that one of the 25+ excellent answers will ever get accepted :-( – Nonprofessional 11/10, 2022 at 8:59

1359

So the way to do it is the following,

httpClient.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Bearer", "Your Oauth token");

Theologue answered 31/1, 2013 at 14:36 Comment(11)

how do you get "Your Oauth token"? – Dryasdust 14/7, 2017 at 10:56

What I've used is: client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", "encrypted user/pwd"); Taking encrypted user/pwd from Advanced Rest Client chrome extension. – Mispronounce 1/8, 2017 at 1:17

@Mispronounce fyi, the second parameter is the base64 encoded user:password (its not encrypted). – Jotunheim 1/8, 2017 at 19:11

Beware: this might result in ArgumentNullException, see https://mcmap.net/q/55010/-httpclient-header-getting-nulled-when-using-in-async-methods – Smalltime 21/2, 2018 at 23:57

My application was happily using this for ages, then out of the blue I started getting a RuntimeBinderException. I had to switch to httpClient.DefaultRequestHeaders.Add("Authorization", "Bearer", "Your Oauth token"); to get it going again. – Seleneselenious 25/5, 2018 at 3:39

Microsoft.CSharp.RuntimeBinder.RuntimeBinderException: The best overloaded method match for 'System.Net.Http.Headers.AuthenticationHeaderValue.AuthenticationHeaderValue(string, string)' has some invalid arguments – Seleneselenious 25/5, 2018 at 3:40

@kraeg same thing happened to me. Switching worked, but I found out that my authtoken was a jobject and the fix you mentioned must have cast it correctly. When I properly cast the jobject to a string the original method worked again. – Loiret 21/12, 2018 at 14:20

@kraeg, the code you listed doesn't compile, did you mean to concatenate the last 2 strings like so: client.DefaultRequestHeaders.Add("Authorization", "Bearer " + "Your Oauth token"); – Untutored 18/3, 2019 at 21:50

@matwonk I reckon you must be right. I can't find that piece of code anywhere, but I do find plenty of the concatenated version. Sorry about that. – Seleneselenious 20/3, 2019 at 21:55

What if there are two tokens that I need to pass? – Procarp 14/1, 2020 at 5:9

@SecretSquirrel var token = await HttpContext.GetTokenAsync("access_token"); – Providence 23/3, 2022 at 18:2

463

request.DefaultRequestHeaders.Authorization = 
    new AuthenticationHeaderValue(
        "Basic", Convert.ToBase64String(
            System.Text.ASCIIEncoding.ASCII.GetBytes(
               $"{yourusername}:{yourpwd}")));

Tertiary answered 31/1, 2013 at 14:37 Comment(7)

This is not working, if you inspect the Auhtorization header is does not contains anything more than a string Basic. – Encyclopedia 31/10, 2014 at 11:59

Can anyone explain why it's important to convert the username and password to a base64 string? It offers no real encryption, so why does that matter? – Contrecoup 20/1, 2017 at 3:10

@JonathanWood Because that;s how it is defined to be used. Basic offers no encryption, just enough encoding to avoid issues with choice of password characters in a header. – Holly 20/7, 2017 at 13:22

Is there any particular reason you used ASCII encoding here? I assume there is no issue with using UTF8 encoding since we are Base64 encoding it anyways. I guess I'm wondering if the Basic authentication specification says that the username:password combo should be in ASCII only? – Shopper 20/2, 2018 at 20:44

@Shopper See https://mcmap.net/q/55011/-what-encoding-should-i-use-for-http-basic-authentication. It seems like UTF-8 is a valid option going forward (i.e. modern browsers [i.e. not IE]) – Saidel 20/5, 2019 at 21:9

System.Text.ASCIIEncoding.ASCII is actually in the parent class Encoding. So you can use System.Text.Encoding.ASCII instead. – Pettiford 10/9, 2019 at 0:16

This does not answer the question. The user is asking about using a Barer token to authenticate, not Basic Auth – Pyrometallurgy 10/8, 2022 at 17:7

121

I look for a good way to deal with this issue and I am looking at the same question. Hopefully, this answer will be helping everyone who has the same problem likes me.

using (var client = new HttpClient())
{
    var url = "https://www.theidentityhub.com/{tenant}/api/identity/v1";
    client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken);
    var response = await client.GetStringAsync(url);
    // Parse JSON response.
    ....
}

reference from https://www.theidentityhub.com/hub/Documentation/CallTheIdentityHubApi

Bethesda answered 21/9, 2015 at 9:7 Comment(6)

I'm doing the exact same thing @willie and I'm still getting a 401 from my API – Bluegill 22/10, 2015 at 22:7

Hi @Bluegill I think you didn't get a correct token key ,so that you got 401 , I will share my way on my personal "Ask Question" , hopefully it can help you to deal with your problem.PS waiting for a moment – Bethesda 28/10, 2015 at 10:56

You shouldn't put an HttpClient in a using block. (Yes, I know it sounds backwards, but you'll leak connections if you use using instead of just recycling the HttpClient.) – Hook 29/10, 2018 at 22:43

@JonathanAllen if you're referring to connection leak described here, it may be worth noting that few readers have mentioned in article comments that the leak might be related to how responses are handled, since many developers forget to dispose the HttpResponse itself and only dispose of the HttpClient. – Epos 4/12, 2020 at 6:46

Also note that client.DefaultRequestHeaders.Add will throw an exception if you end up calling it multiple times with the same header name. (Trying to add same header multiple times.) – Endocarp 26/5, 2022 at 15:55

You should not put HttpClient into a using statement because it will eventually cause socket exhaustion problems. Here's why: aspnetmonsters.com/2016/08/2016-08-27-httpclientwrong – Moselle 17/10, 2022 at 18:33

As it is a good practice to reuse the HttpClient instance, for performance and port exhaustion problems, and because none of the answers give this solution (and even leading you toward bad practices :( ), I put here a link towards the answer I made on a similar question :

https://mcmap.net/q/55012/-adding-headers-when-using-httpclient-getasync

Some sources on how to use HttpClient the right way:

Foster answered 14/7, 2017 at 17:20 Comment(4)

The port exhaustion problem is no joke. It almost never happens in QA, but will hit any heavily used project in production. – Hook 29/10, 2018 at 22:45

See my post for a concrete example https://mcmap.net/q/53686/-setting-authorization-header-of-httpclient – Wexler 10/2, 2020 at 15:12

It's almost laughable that this criticism of setting the default auth in the client is so far down the thread. I was pretty much scratching my head as to why I need to set an authorization on the client itself. – Robichaud 8/8, 2022 at 10:10

This information is outdated. Nowadays it's a better practice to use dependency injection or an IHttpClientFactory. Then there's no problem configuring the httpclient itself with the correct url and auth settings. – Examinee 22/9, 2023 at 6:29

I suggest to you:

HttpClient.DefaultRequestHeaders.Add("Authorization", "Bearer <token>");

And then you can use it like that:

var response = await client.GetAsync(url);
if (response.IsSuccessStatusCode)
{
    responseMessage = await response.Content.ReadAsAsync<ResponseMessage>();
}

Cop answered 9/10, 2019 at 10:44 Comment(1)

If your token times out every 1h for example then you have to update the HttpClient with this solution. I would suggest checking that your token is still valid and otherwise refreshing it and adding it to the HttpRequestMessage – Unexceptional 20/5, 2020 at 9:29

In the case you want to send HttpClient request with Bearer Token, this code can be a good solution:

var requestMessage = new HttpRequestMessage
{
    Method = HttpMethod.Post,
    Content = new StringContent(".....", Encoding.UTF8, "application/json"),
    RequestUri = new Uri(".....")
};

requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", "Your token");

var response = await _httpClient.SendAsync(requestMessage);

Wilber answered 17/4, 2020 at 8:27 Comment(0)

I was setting the bearer token

httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

It was working in one endpoint, but not another. The issue was that I had lower case b on "bearer". After change now it works for both api's I'm hitting. Such an easy thing to miss if you aren't even considering it as one of the haystacks to look in for the needle.

Make sure to have "Bearer" - with capital.

Clothe answered 1/3, 2019 at 12:44 Comment(0)

Use Basic Authorization And Json Parameters.

using (HttpClient client = new HttpClient())
{
    var request_json = "your json string";

    var content = new StringContent(request_json, Encoding.UTF8, "application/json");

    var authenticationBytes = Encoding.ASCII.GetBytes("YourUsername:YourPassword");

    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
            Convert.ToBase64String(authenticationBytes));
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    var result = await client.PostAsync("YourURL", content);

    var result_string = await result.Content.ReadAsStringAsync();
}

Rudolphrudwik answered 8/4, 2018 at 7:14 Comment(2)

You shouldn't include code to disable checking of SSL certificates in an example like this. People may blindly copy your code not realising what it does. I've removed those lines for you. – Wither 13/4, 2018 at 7:1

For anyone finding this old thread now (2021), please look at this documentation about HttpClientFactory which is injectable and will also re-run on each request avoiding expired tokens which will make it useful for bearer tokens, generated clients, pooling etc.

TL;DR: Use HttpClientFactory and a DelegatingHandler which will act as middleware on all outgoing requests with your configured client.

This is how I add my bearer for Azure Identity (managed by Azure) but you can get the token however you want of course;

using Microsoft.Azure.Services.AppAuthentication;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

public class BearerTokenHandler : DelegatingHandler
    {
        public BearerTokenHandler(AzureServiceTokenProvider tokenProvider, string resource)
        {
            TokenProvider = tokenProvider;
            Resource = resource;
        }

        public AzureServiceTokenProvider TokenProvider { get; }
        public string Resource { get; }

        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (!request.Headers.Contains("Authorization"))
            {
                // Fetch your token here
                string token = await TokenProvider.GetAccessTokenAsync(Resource);
                request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
            }

            return await base.SendAsync(request, cancellationToken);
        }
    }

I configure my typed clients (generated with NSwag) like this in Startup;

   var accessTokenProvider = new AzureServiceTokenProvider("<your-connection-string-for-access-token-provider>");

  builder.Services.AddHttpClient<IOrdersClient, OrdersClient>().ConfigureHttpClient(async conf =>
            {
                conf.BaseAddress = new Uri("<your-api-base-url>");
            }).AddHttpMessageHandler(() => new BearerTokenHandler(accessTokenProvider, "https://your-azure-tenant.onmicrosoft.com/api"));

Then you can inject your IOrdersClient wherever you like and all requests will have the bearer.

Unitarianism answered 2/3, 2021 at 22:34 Comment(0)

If you want to reuse the HttpClient, it is advised to not use the DefaultRequestHeaders as they are used to send with each request.

You could try this:

var requestMessage = new HttpRequestMessage
    {
        Method = HttpMethod.Post,
        Content = new StringContent("...", Encoding.UTF8, "application/json"),
        RequestUri = new Uri("...")
    };

requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Basic", 
    Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes($"{user}:{password}")));

var response = await _httpClient.SendAsync(requestMessage);

Wexler answered 26/11, 2019 at 13:36 Comment(1)

Yeah, surprisingly hard to find this answer. I guess many don't read the docs much because best practice is to have HttpClient be a static member variable to avoid port exhaustion issues. And then it makes little sense to use DefaultRequestHeaders either, especially if we're talking token/bearer authentication like many do here because these tokens will inevitably expire! So basing a default on that is just backwards. – Nocturnal 30/9, 2021 at 10:19

To set basic authentication with C# HttpClient. The following code is working for me.

   using (var client = new HttpClient())
        {
            var webUrl ="http://localhost/saleapi/api/";
            var uri = "api/sales";
            client.BaseAddress = new Uri(webUrl);
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            client.DefaultRequestHeaders.ConnectionClose = true;

            //Set Basic Auth
            var user = "username";
            var password = "password";
            var base64String =Convert.ToBase64String( Encoding.ASCII.GetBytes($"{user}:{password}"));
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",base64String);

            var result = await client.PostAsJsonAsync(uri, model);
            return result;
        }

Hoehne answered 19/3, 2018 at 3:53 Comment(2)

What is "model" in your code? – Inenarrable 26/12, 2021 at 0:39

This is how i have done it:

using (HttpClient httpClient = new HttpClient())
{
   Dictionary<string, string> tokenDetails = null;
   var messageDetails = new Message { Id = 4, Message1 = des };
   HttpClient client = new HttpClient();
   client.BaseAddress = new Uri("http://localhost:3774/");
   var login = new Dictionary<string, string>
       {
           {"grant_type", "password"},
           {"username", "[email protected]"},
           {"password", "lopzwsx@23"},
       };
   var response = client.PostAsync("Token", new FormUrlEncodedContent(login)).Result;
   if (response.IsSuccessStatusCode)
   {
      tokenDetails = JsonConvert.DeserializeObject<Dictionary<string, string>>(response.Content.ReadAsStringAsync().Result);
      if (tokenDetails != null && tokenDetails.Any())
      {
         var tokenNo = tokenDetails.FirstOrDefault().Value;
         client.DefaultRequestHeaders.Add("Authorization", "Bearer " + tokenNo);
         client.PostAsJsonAsync("api/menu", messageDetails)
             .ContinueWith((postTask) => postTask.Result.EnsureSuccessStatusCode());
      }
   }
}

This you-tube video help me out a lot. Please check it out. https://www.youtube.com/watch?v=qCwnU06NV5Q

Pallua answered 23/12, 2017 at 6:33 Comment(0)

6 Years later but adding this in case it helps someone.

https://www.codeproject.com/Tips/996401/Authenticate-WebAPIs-with-Basic-and-Windows-Authen

var authenticationBytes = Encoding.ASCII.GetBytes("<username>:<password>");
using (HttpClient confClient = new HttpClient())
{
  confClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", 
         Convert.ToBase64String(authenticationBytes));
  confClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(Constants.MediaType));  
  HttpResponseMessage message = confClient.GetAsync("<service URI>").Result;
  if (message.IsSuccessStatusCode)
  {
    var inter = message.Content.ReadAsStringAsync();
    List<string> result = JsonConvert.DeserializeObject<List<string>>(inter.Result);
  }
}

Marbles answered 22/1, 2019 at 18:10 Comment(0)

In net .core you can use with Identity Server 4

var client = new HttpClient();
client.SetBasicAuthentication(userName, password);

var client = new HttpClient();
client.SetBearerToken(token);

see https://github.com/IdentityModel/IdentityModel/blob/main/src/Client/Extensions/AuthorizationHeaderExtensions.cs

Hitt answered 3/9, 2019 at 13:13 Comment(2)

First example does not work as SetBasicAuthentication() is not available by default so it has to be a extension method. Where is it defined? – Fortunia 28/11, 2019 at 14:9

@Fortunia Install the IdentityModel package first, then using IdentityModel.Client;. – Convector 10/4, 2022 at 8:2

UTF8 Option

request.DefaultRequestHeaders.Authorization = 
new AuthenticationHeaderValue(
    "Basic", Convert.ToBase64String(
        System.Text.Encoding.UTF8.GetBytes(
           $"{yourusername}:{yourpwd}")));

Abranchiate answered 13/7, 2019 at 18:53 Comment(0)

Using AuthenticationHeaderValue class of System.Net.Http assembly

public AuthenticationHeaderValue(
    string scheme,
    string parameter
)

we can set or update existing Authorization header for our httpclient like so:

httpclient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", TokenResponse.AccessToken);

Marsh answered 11/7, 2017 at 12:6 Comment(0)

BaseWebApi.cs

public abstract class BaseWebApi
{
    //Inject HttpClient from Ninject
    private readonly HttpClient _httpClient;
    public BaseWebApi(HttpClient httpclient)
    {
        _httpClient = httpClient;
    }

    public async Task<TOut> PostAsync<TOut>(string method, object param, Dictionary<string, string> headers, HttpMethod httpMethod)
    {
        //Set url

        HttpResponseMessage response;
        using (var request = new HttpRequestMessage(httpMethod, url))
        {
            AddBody(param, request);
            AddHeaders(request, headers);
            response = await _httpClient.SendAsync(request, cancellationToken);
        }

        if(response.IsSuccessStatusCode)
        {
             return await response.Content.ReadAsAsync<TOut>();
        }
        //Exception handling
    }

    private void AddHeaders(HttpRequestMessage request, Dictionary<string, string> headers)
    {
        request.Headers.Accept.Clear();
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        if (headers == null) return;

        foreach (var header in headers)
        {
            request.Headers.Add(header.Key, header.Value);
        }
    }

    private static void AddBody(object param, HttpRequestMessage request)
    {
        if (param != null)
        {
            var content = JsonConvert.SerializeObject(param);
            request.Content = new StringContent(content);
            request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
        }
    }

SubWebApi.cs

public sealed class SubWebApi : BaseWebApi
{
    public SubWebApi(HttpClient httpClient) : base(httpClient) {}

    public async Task<StuffResponse> GetStuffAsync(int cvr)
    {
        var method = "get/stuff";
        var request = new StuffRequest 
        {
            query = "GiveMeStuff"
        }
        return await PostAsync<StuffResponse>(method, request, GetHeaders(), HttpMethod.Post);
    }
    private Dictionary<string, string> GetHeaders()
    {
        var headers = new Dictionary<string, string>();
        var basicAuth = GetBasicAuth();
        headers.Add("Authorization", basicAuth);
        return headers;
    }

    private string GetBasicAuth()
    {
        var byteArray = Encoding.ASCII.GetBytes($"{SystemSettings.Username}:{SystemSettings.Password}");
        var authString = Convert.ToBase64String(byteArray);
        return $"Basic {authString}";
    }
}

Serafina answered 22/1, 2020 at 7:36 Comment(0)

You can too to use the follow exemple, that it use IHttpClientFactory:

    readonly IHttpClientFactory _httpClientFactory;
    
    public HTTPClientHelper(IHttpClientFactory httpClientFactory, string clientName = null)
    {
        this._httpClientFactory = httpClientFactory;
    }

    public Task<T> GetAsync(string url, string token) {

        var client = _httpClientFactory.CreateClient(_clientName);

        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(JwtBearerDefaults.AuthenticationScheme, token);

        using (HttpResponseMessage response = await _client.GetAsync(url)){
          ......
        }
     }

Moffatt answered 26/1, 2022 at 13:50 Comment(0)

this could works, if you are receiving a json or an xml from the service and i think this can give you an idea about how the headers and the T type works too, if you use the function MakeXmlRequest(put results in xmldocumnet) and MakeJsonRequest(put the json in the class you wish that have the same structure that the json response) in the next way

/*-------------------------example of use-------------*/
MakeXmlRequest<XmlDocument>("your_uri",result=>your_xmlDocument_variable =     result,error=>your_exception_Var = error);

MakeJsonRequest<classwhateveryouwant>("your_uri",result=>your_classwhateveryouwant_variable=result,error=>your_exception_Var=error)
/*-------------------------------------------------------------------------------*/


public class RestService
{
    public void MakeXmlRequest<T>(string uri, Action<XmlDocument> successAction, Action<Exception> errorAction)
    {
        XmlDocument XMLResponse = new XmlDocument();
        string wufooAPIKey = ""; /*or username as well*/
        string password = "";
        StringBuilder url = new StringBuilder();
        url.Append(uri);
        HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url.ToString());
        string authInfo = wufooAPIKey + ":" + password;
        authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
        request.Timeout = 30000;
        request.KeepAlive = false;
        request.Headers["Authorization"] = "Basic " + authInfo;
        string documento = "";
        MakeRequest(request,response=> documento = response,
                            (error) =>
                            {
                             if (errorAction != null)
                             {
                                errorAction(error);
                             }
                            }
                   );
        XMLResponse.LoadXml(documento);
        successAction(XMLResponse);
    }



    public void MakeJsonRequest<T>(string uri, Action<T> successAction, Action<Exception> errorAction)
    {
        string wufooAPIKey = "";
        string password = "";
        StringBuilder url = new StringBuilder();
        url.Append(uri);
        HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url.ToString());
        string authInfo = wufooAPIKey + ":" + password;
        authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
        request.Timeout = 30000;
        request.KeepAlive = false;
        request.Headers["Authorization"] = "Basic " + authInfo;
       // request.Accept = "application/json";
      //  request.Method = "GET";
        MakeRequest(
           request,
           (response) =>
           {
               if (successAction != null)
               {
                   T toReturn;
                   try
                   {
                       toReturn = Deserialize<T>(response);
                   }
                   catch (Exception ex)
                   {
                       errorAction(ex);
                       return;
                   }
                   successAction(toReturn);
               }
           },
           (error) =>
           {
               if (errorAction != null)
               {
                   errorAction(error);
               }
           }
        );
    }
    private void MakeRequest(HttpWebRequest request, Action<string> successAction, Action<Exception> errorAction)
    {
        try{
            using (var webResponse = (HttpWebResponse)request.GetResponse())
            {
                using (var reader = new StreamReader(webResponse.GetResponseStream()))
                {
                    var objText = reader.ReadToEnd();
                    successAction(objText);
                }
            }
        }catch(HttpException ex){
            errorAction(ex);
        }
    }
    private T Deserialize<T>(string responseBody)
    {
        try
        {
            var toReturns = JsonConvert.DeserializeObject<T>(responseBody);
             return toReturns;
        }
        catch (Exception ex)
        {
            string errores;
            errores = ex.Message;
        }
        var toReturn = JsonConvert.DeserializeObject<T>(responseBody);
        return toReturn;
    }
}
}

Glottology answered 1/8, 2014 at 16:35 Comment(0)

It may be easier to use an existing library.

For example, the extension methods below are added with Identity Server 4 https://www.nuget.org/packages/IdentityModel/

 public static void SetBasicAuthentication(this HttpClient client, string userName, string password);
    //
    // Summary:
    //     Sets a basic authentication header.
    //
    // Parameters:
    //   request:
    //     The HTTP request message.
    //
    //   userName:
    //     Name of the user.
    //
    //   password:
    //     The password.
    public static void SetBasicAuthentication(this HttpRequestMessage request, string userName, string password);
    //
    // Summary:
    //     Sets a basic authentication header for RFC6749 client authentication.
    //
    // Parameters:
    //   client:
    //     The client.
    //
    //   userName:
    //     Name of the user.
    //
    //   password:
    //     The password.
    public static void SetBasicAuthenticationOAuth(this HttpClient client, string userName, string password);
    //
    // Summary:
    //     Sets a basic authentication header for RFC6749 client authentication.
    //
    // Parameters:
    //   request:
    //     The HTTP request message.
    //
    //   userName:
    //     Name of the user.
    //
    //   password:
    //     The password.
    public static void SetBasicAuthenticationOAuth(this HttpRequestMessage request, string userName, string password);
    //
    // Summary:
    //     Sets an authorization header with a bearer token.
    //
    // Parameters:
    //   client:
    //     The client.
    //
    //   token:
    //     The token.
    public static void SetBearerToken(this HttpClient client, string token);
    //
    // Summary:
    //     Sets an authorization header with a bearer token.
    //
    // Parameters:
    //   request:
    //     The HTTP request message.
    //
    //   token:
    //     The token.
    public static void SetBearerToken(this HttpRequestMessage request, string token);
    //
    // Summary:
    //     Sets an authorization header with a given scheme and value.
    //
    // Parameters:
    //   client:
    //     The client.
    //
    //   scheme:
    //     The scheme.
    //
    //   token:
    //     The token.
    public static void SetToken(this HttpClient client, string scheme, string token);
    //
    // Summary:
    //     Sets an authorization header with a given scheme and value.
    //
    // Parameters:
    //   request:
    //     The HTTP request message.
    //
    //   scheme:
    //     The scheme.
    //
    //   token:
    //     The token.
    public static void SetToken(this HttpRequestMessage request, string scheme, string token);

Plater answered 23/1, 2020 at 13:18 Comment(0)

Firstly, I wouldn't use HttpClient directly. It's too easy to make mistakes - particularly in the area of headers. The DefaultHeadersCollection is not immutable and not thread-safe because other parts of the app can change the headers on you. It's best to set the headers when you make the call. If you are working with an abstraction, and that is recommended because the classes in this area are a bit of a mess, you would want to have a headers collection and put those on your HttpRequestMessage before you send it. You need to make sure you put the content headers on the content, and not the message.

Code Reference

foreach (var headerName in request.Headers.Names)
{
    //"Content-Type"
    if (string.Compare(headerName, HeadersExtensions.ContentTypeHeaderName, StringComparison.OrdinalIgnoreCase) == 0)
    {
        //Note: not sure why this is necessary...
        //The HttpClient class seems to differentiate between content headers and request message headers, but this distinction doesn't exist in the real world...
        //TODO: Other Content headers
        httpContent?.Headers.Add(HeadersExtensions.ContentTypeHeaderName, request.Headers[headerName]);
    }
    else
    {
        httpRequestMessage.Headers.Add(headerName, request.Headers[headerName]);
    }
}

Here is a data structure that you could use to send the request which includes the headers.

Code Reference

public interface IRequest
{
    CancellationToken CancellationToken { get; }
    string? CustomHttpRequestMethod { get; }
    IHeadersCollection Headers { get; }
    HttpRequestMethod HttpRequestMethod { get; }
    AbsoluteUrl Uri { get; }
}

public interface IRequest<TBody> : IRequest
{
    TBody? BodyData { get; }
}

And, a headers collection:

Code Reference

public sealed class HeadersCollection : IHeadersCollection
{
    #region Fields
    private readonly IDictionary<string, IEnumerable<string>> dictionary;
    #endregion

    #region Public Constructors

    public HeadersCollection(IDictionary<string, IEnumerable<string>> dictionary) => this.dictionary = dictionary;

    public HeadersCollection(string key, string value) : this(ImmutableDictionary.CreateRange(
                new List<KeyValuePair<string, IEnumerable<string>>>
                {
                    new(key, ImmutableList.Create(value))
                }
                ))
    {
    }

    #endregion Public Constructors

    #region Public Properties
    public static HeadersCollection Empty { get; } = new HeadersCollection(ImmutableDictionary.Create<string, IEnumerable<string>>());
    public IEnumerable<string> Names => dictionary.Keys;
    IEnumerable<string> IHeadersCollection.this[string name] => dictionary[name];
    #endregion Public Properties

    #region Public Methods
    public bool Contains(string name) => dictionary.ContainsKey(name);

    public IEnumerator<KeyValuePair<string, IEnumerable<string>>> GetEnumerator() => dictionary.GetEnumerator();

    IEnumerator IEnumerable.GetEnumerator() => dictionary.GetEnumerator();
    public override string ToString() => string.Join("\r\n", dictionary.Select(kvp => $"{kvp.Key}: {string.Join(", ", kvp.Value)}\r\n"));
    #endregion
}

See all the working code and examples here.

Salimeter answered 25/4, 2021 at 2:20 Comment(0)

I came across this old thread. The problem I had was that I know to use a static HttpClient, but my token needs refreshing every 59 minutes.

So I could have used HttpClientFactory, but because one of my projects was still in .NET 4.8, I created a class that inherited from HttpClient so I have similar code in all projects. A secret is needed to be able to get the token (I'm using identityserver4).

I then set that as a singleton in DI (I'm using Ninject here):

Bind<MyHttpClient>().ToMethod(c =>
{
    var accessKey = ConfigurationManager.AppSettings["AccessKey"];

    var client = new MyHttpClient(accessKey)
    {
        BaseAddress = new Uri(MyUrls.MyApiBaseUrl)
    };

    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));

    return client;
}).InSingletonScope();

Then the class itself - named after the API it is used to access:

public class MyHttpClient : BaseHttpClient
{
     private static readonly HttpClient _authHttpClient = new HttpClient();
     private string _secret;

     public MyHttpClient(string secret)
     {
         _secret = secret;
     }

    /// <summary>
    /// Add the token to each and every request, cached for 1 minute less than the token's lifetime
    /// </summary>
    /// <param name="request"></param>
    /// <param name="cancellationToken"></param>
    /// <returns></returns>
    /// <exception cref="Exception"></exception>
    public override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        cancellationToken.ThrowIfCancellationRequested();

        var cacheSeconds = 3600 - 60; // Default of 59 minutes

        var token = CacheHelper<string>.Get("MyToken", cacheSeconds * 60, () =>
        {
            var authorityUrl = MyUrls.AuthServerUrl;

            // discover endpoints from metadata
            DiscoveryDocumentResponse disco;
            disco = _authHttpClient.GetDiscoveryDocumentAsync(authorityUrl).Result;
            if (disco.IsError)
            {
                throw new Exception("Error getting discovery document: " + disco.Error);
            }

            // request token
            var tokenResponse = _authHttpClient.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
            {
                Address = disco.TokenEndpoint,

                ClientId = "myapp",
                ClientSecret = _secret,
                Scope = "myapi"
            }).Result;

            if (tokenResponse.IsError)
            {
                throw new Exception("Error getting token: " + tokenResponse.Error);
            }

            if (tokenResponse.ExpiresIn < cacheSeconds + 60)
            {
                throw new Exception($"Token expires in {tokenResponse.ExpiresIn}s, which is less than {cacheSeconds + 60}");
            }

            if (tokenResponse.ExpiresIn > cacheSeconds + 60)
            {
                Log.Warn().Message($"Token expiry in {tokenResponse.ExpiresIn}s, which is greater than {cacheSeconds}").Write();
            }

            return tokenResponse.AccessToken;
        });

        // THIS IS THE BIT - Assign this inside a SendAsync override and you are done!
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return base.SendAsync(request, cancellationToken);
    }

}

Finally just for completeness, my CacheHelper class looks like this:

public static class CacheHelper<T>
{
    private static readonly object _locker = new object();

    public static T Get(string cacheName, int cacheTimeoutSeconds, Func<T> func)
    {
        var obj = MemoryCache.Default.Get(cacheName, null);
        if (obj != null) return (T)obj;

        lock (_locker)
        {
            obj = MemoryCache.Default.Get(cacheName, null);
            if (obj == null)
            {
                obj = func();
                var cip = new CacheItemPolicy
                {
                    AbsoluteExpiration = new DateTimeOffset(DateTime.UtcNow.AddSeconds(cacheTimeoutSeconds))
                };
                MemoryCache.Default.Set(cacheName, obj, cip);
            }
        }

        return (T)obj;
    }
}

Enneahedron answered 21/2, 2022 at 13:21 Comment(0)

If you are using Visual Studio IISExpress debug mode and connecting to the HTTP port rather than the HTTPS port you may find that the auth headers are being dropped.

Switch to the SLL connection and they will appear again.

unsure why, possibly the setup redirects the http traffic and that causes the auth to be removed.

Freeness answered 3/6, 2021 at 9:45 Comment(0)

-1

This may help Setting the header:

WebClient client = new WebClient();

string authInfo = this.credentials.UserName + ":" + this.credentials.Password;
authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
client.Headers["Authorization"] = "Basic " + authInfo;

Meridithmeriel answered 13/5, 2014 at 9:1 Comment(1)

He is using HttpClient, not WebClient. – Foundling 27/6, 2014 at 9:5

-1

static async Task<AccessToken> GetToken()
{
        string clientId = "XXX";
        string clientSecret = "YYY";
        string credentials = String.Format("{0}:{1}", clientId, clientSecret);

        using (var client = new HttpClient())
        {
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes(credentials)));
            List<KeyValuePair<string, string>> requestData = new List<KeyValuePair<string, string>>();
            requestData.Add(new KeyValuePair<string, string>("grant_type", "client_credentials"));
            FormUrlEncodedContent requestBody = new FormUrlEncodedContent(requestData);
            var request = await client.PostAsync("https://accounts.spotify.com/api/token", requestBody);
            var response = await request.Content.ReadAsStringAsync();
            return JsonConvert.DeserializeObject<AccessToken>(response);
        }
    }

Zenger answered 19/11, 2019 at 21:58 Comment(1)

Welcome to stackoverflow. In addition to the answer you've provided, please consider providing a brief explanation of why and how this fixes the issue. – Shaun 19/11, 2019 at 22:15

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

UTF8 Option

Recommended topics

Hot tags