37

When using WebRequest to send a POST, the Authorization header is not sent with the request even though I have manually set the header and set PreAuthenticate to true, eg:

webRequest.Headers["Authorization"] = "OAuth oauth_consumer_key=bFPD...";
webRequest.PreAuthenticate = true;

Using Fiddler I can see that the Authorization header is not sent. The target site (Twitter) returns a 400 (Bad request) rather than a 401 (Not authorized) which is therefore the incorrect challenge required for WebRequest to send the Authorization data. For information, the returned content is:

{"errors":[{"message":"Bad Authentication data","code":215}]}

So, how do I get around this? How can I force WebRequest to send the Authorization with initial request? Note that the authorization data is not Basic Authentication, rather it is an OAuth string.

Thanks

chris
  • 1,731
  • 4
  • 26
  • 33

4 Answers4

74

Here's my solution. The value is in variable json.

var myUri = new Uri(fullpath);
var myWebRequest = WebRequest.Create(myUri);
var myHttpWebRequest = (HttpWebRequest)myWebRequest;
myHttpWebRequest.PreAuthenticate = true;
myHttpWebRequest.Headers.Add("Authorization", "Bearer " + AccessToken);
myHttpWebRequest.Accept = "application/json";

var myWebResponse = myWebRequest.GetResponse();
var responseStream = myWebResponse.GetResponseStream();
if (responseStream == null) return null;

var myStreamReader = new StreamReader(responseStream, Encoding.Default);
var json = myStreamReader.ReadToEnd();

responseStream.Close();
myWebResponse.Close();
JuanPablo
  • 813
  • 7
  • 11
9

This drove me bonkers, but eventually found the answer in Adding Headers and Post data in RESTfull/HTTP Request in C#.

The solution for me was adding the Authorization Header BEFORE writing the request stream.

Hope this helps.

Community
  • 1
  • 1
stevefinn
  • 91
  • 1
3

Try this, but there should be no space between the authorization headers.

var authHeader = "OAuth  oauth_consumer_key=bFPD...";
webRequest.Headers.Add("Authorization", authHeader);
You
  • 41
  • 4
  • 1
    That doesn't work (I think it has exactly the same effect as the code above anyway). Please note that the authorization header is correct (with spaces) as it works with a GET but not with a POST. – chris Jan 16 '14 at 16:54
0

my solulion

                var request = WebRequest.Create(requestUri);

                System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
                
                request.ContentType = "application/json";
                request.Method = "GET";
                request.Headers.Add("Authorization", "Bearer " + Token);

                var type = request.GetType();
                var currentMethod = type.GetProperty("CurrentMethod", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(request);

                var methodType = currentMethod.GetType();
                methodType.GetField("ContentBodyNotAllowed", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(currentMethod, false);

                using (var streamWriter = new StreamWriter(request.GetRequestStream()))
                {
                    streamWriter.Write(JsonConvert.SerializeObject(Entity));
                }

                var response = request.GetResponse();
                var responseStream = response.GetResponseStream();
                if (responseStream != null)
                {
                    var myStreamReader = new StreamReader(responseStream, Encoding.Default);
                    var resultEntity= myStreamReader.ReadToEnd();
                    myStreamReader.ReadToEnd());
                }
                responseStream.Close();
                response.Close();
mahmood ghasemi
  • 21
  • 4