0
votes

I have a frustrating problem with my API call (ASP.NET Web API and Angular). I use bearer token authorization to authorize the requests. When I make a request to the API from Postman, it returns 200 OK, but when I try it from the browser (Angular), I get 401 Unauthorized.

I can get it working if I use the [AllowAnonymous] attribute on top of the controller action, but I'd like to keep the [Authorize] attribute for security reasons.

I'm not sure what's causing this error. Here is the screenshot of the request headers from the browser. As you can see it includes the valid bearer token as well. The funny thing is that the Authorize attribute works for the other actions in my controller.

https://i.stack.imgur.com/K5OB1.png

Thank you in advance.

Is the token attached with the request from the web app? Check the network tab in the Chrome debugger. - Prinju Koshy Vaidyan
401 basically means that the server is expecting an authorization field in the request header and is unable to see one or that the provided authorization details are incorrect. Verify on Postman if there is any authorization field that's being sent along with the request and accordingly correct it for the browser. - Sai Gummaluri
Yes, the bearer token is included in the header; I have put the screenshot of the request headers already. I just tried to generate a token from the client side and use the generated token in Postman, and I get a 401 error. But when I generate a token from Postman, I am able to get a 200 OK status. - Volvo
Also, it works when I publish the web API in Azure App Service. - Volvo
@Volvo this does sound like a browser issue. Do you get the same in other browsers and/or incognito mode as well? - derisen

1 Answer

0
votes

I am answering my own question because I found the reason why this issue occurs. I make a token request to the API which is published on Azure App Service and then try to use that token in my localhost API. Somehow this is causing the issue. When I make a request to the localhost API through Postman, I use the token which I have received from the localhost API. So using the token from the localhost API solves this issue.