Use token method GET WebAPI HttpClient

Navigation
3

My problem is this: I'm consuming a WebAPI with the PostAsJsonAsync method In this call I'm getting a Token for authentication in the ADMIN methods of an EAD platform we're working on.

So far so good. When I call the ADMIN methods by sending the Token returned in the login method, it is returning as "Unauthorized". Here is some of the code that is not working: 

response = null;                     
vAuth_token = retorno.authentication_token;

client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("X-Auth-Token", vAuth_token);

response = await client.GetAsync("api/admin/users");
if (response.IsSuccessStatusCode)
{
  //HTTP GET
  try
  {
    Usuarios usuarios = await response.Content.ReadAsAsync<Usuarios>();
  }
  catch (Exception erro)
  {

  }
}
    
asked by anonymous 11.08.2015 / 16:39

3 answers

3

Samuel is completely right. To give you more information, understand that: 

client.DefaultRequestHeaders.Authorization

is equivalent to: 

HTTP/1.1
Authorization: <tipo> <token>

DefaultRequestHeaders is a collection of keys and values, equal to Dictionary<TKey,TValue> . So, the following is exactly the same as the previous one: 

client.DefaultRequestHeaders.Add("Authorization", "<tipo> <token>");

If you want something like this: 

HTTP/1.1
X-Auth-Token: <qualquer coisa>

I would have to use the same as @SamuelMcAravey said, which would be: 

client.DefaultRequestHeaders.Add("X-Auth-Token", "<qualquer coisa>");

More information about HTTP headers can be found in various sources on the internet, this article from Wikipedia being one of them.

    
11.08.2015 / 20:13
2

The problem is here: 

client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("X-Auth-Token", vAuth_token);

What happens is that the HTTP header looks something like this: 

Authorization: X-Auth-Token <<seu token aqui>>

When you are building the AuthenticationHeaderValue the first parameter is called scheme. You see this used enough for Bearer Authentication, but I think you're just wanting it to be a normal header. To do this you can try something like this: 

client.DefaultRequestHeaders.Add("X-Auth-Token", vAuth_token);

And then you will see a header so it should work: 

X-Auth-Token: <<seu token>>
    
11.08.2015 / 19:51
1

I needed to first call the login page with the Token to login, and then call the ADMIN method.

Resolution: 

if (retorno.valid == "true") {
response = null;
client = null;
vAuth_token = retorno.authentication_token;

client = new HttpClient(httpClientHandler);
client.BaseAddress = new Uri("http://xxxxxx.xxxxxx.xxx/");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
response = await client.PostAsJsonAsync("api/login?auth_token=" + vAuth_token, "");

response = null;
client = null;
client = new HttpClient(httpClientHandler);
client.BaseAddress = new Uri("http://xxxxxx.xxxxxx.xxx/");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("X-Auth-Token", vAuth_token);
response = await client.GetAsync("api/admin/users");
if (response.IsSuccessStatusCode) {
    // HTTP GET
    try
    {
        //Usuarios usuarios = await response.Content.ReadAsAsync<Usuarios>();
        var data = response.Content.ReadAsStringAsync().Result;
    }
    catch (Exception erro)
    {

    }
}

Thank you!

    
11.08.2015 / 22:00
AES in PHP is secure? How to remove the last character, save the result to a variable and use the variable outside the foreach?