MVC to WebAPI- httpclient

1
votes

I have MVC App and webapi and both are in different projects and mvc app authenticates via webapi using token authentication. I can authenticate via webapi and get the bearer token in MVC.But when i pass the bearer token to webapi and access resources which are protected by authorize keyword , it throws unauthorized 401 response. Iam using httpclient within MVC to communicate to webapi

1) Using fiddler i can login to webapi and access the webapi resouces using bearer token and authorization working properly.
2) using console app , i can login to webapi and access the webapi resources using bearer token and httpclient works properly
3) using a different MVC project and access the webapi using httpclient gives the same unauthorized error.

using (System.Net.Http.HttpClient client = new System.Net.Http.HttpClient(handler))
            {
                client.BaseAddress = new Uri(url);
                client.DefaultRequestHeaders.Accept.Clear();
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", BearerToken);

                string json = JsonConvert.SerializeObject(requestvalue);

                System.Net.Http.HttpResponseMessage response = await client.PostAsync(url, new StringContent(json, Encoding.UTF8, "application/json"));


                if (response.IsSuccessStatusCode)
                {
                    HttpContent content = response.Content;
                    if (content != null)
                    {
                        value = content.ReadAsAsync<T>().Result;
                    }
                }
            }

Can anyone help on this issue?

1
asp.net-web-apimodel-view-controllertoken
Are you sure your the BearerToken is set in your server side client code? Can you verify the token is included in the request by capturing the http traffic in fiddler?Mike Lunn
the authorize is set in webapi layer and MVC . From MVC it would be cookie based and it goes through properly. Also i checked the fiddler and the bearer token is passed properly to webapiuser1570697
Message=Authorization has been denied for this request.user1570697
fiddler request which is working , the headers are <br> User-Agent: Fiddler Content-Length: 0 Accept: application/json Content-Type: application/json; charset=utf-8 Host: localhost:56130 Authorization : Bearer zaNJqdcsHIApuR1_L_...<br> MVC http client headers which is not working <br> Accept: application/json Authorization: Bearer bWBHFrgKN5WmAQYYl4jO.... Content-Type: application/json; charset=utf-8 Host: localhost:56130 Content-Length: 49 Expect: 100-continue Connection: Keep-Aliveuser1570697

1 Answers

0
votes

I'd recommend you to capture the HTTP request sent through the HTTP Client via Fiddler and compare it to the request that was successful. Even though, you're setting the Authorization header on the http client, I'm not sure if it is sent in the right format required by the Web API unless I inspect the raw HTTP request

Also you can try setting the authorization header, like below.

client.DefaultRequestHeaders.Add("Authorization", "Bearer " + tokenNo);