0

I am implementing a token authentication into a system that has legacy Windows Authentication. I have followed some token examples and have come up with the following. Here is my request header that I am issuing in Angular UI:

authorization:bearer - token value
Authorization:Negotiate some value

I am adding token to the request like this:

config.headers.authorization = "bearer " + access_token;

As you can see I end up with two a/A authorizations. The response from the server is:

HTTP Error 400. The request has an invalid header name

I am assuming it's because of these two entries. I have tried using capital A for my token entry but the response was the same.

Any idea, please?

Edit 1

    GET /api/case HTTP/1.1
    Authorization   bearer value
    Accept  application/json, text/plain, */*
    Referer http://localhost/main.aspx
    Accept-Language en-US
    Accept-Encoding gzip, deflate
   User-Agent   Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0)  like Gecko
   Cookie   ASP.NET_SessionId=value
   Host localhost
   Authorization    Negotiate value
Mark
  • 4,535
  • 7
  • 39
  • 76
  • Any chance you could include all of the headers for the request that fails? (from the browser network monitor or something like Fiddler) – Jack A. Sep 24 '15 at 17:25
  • It seems that having multiple authentication headers is the problem (e.g., http://stackoverflow.com/questions/29282578/multiple-http-authorization-headers). Have you tried using just the token? – Jack A. Sep 24 '15 at 17:38
  • I will look into a link you are providing, but meanwhile .. I am not adding Authorization Negotiate .... it gets there somehow. – Mark Sep 24 '15 at 17:44
  • 1
    In that case, it seems likely that IIS is set up to require authentication, and the "Authorization: Negotiate..." header you are seeing is part of the negotiation process that it is kicking off. For authentication issues, I've found Fiddler (http://www.telerik.com/download/fiddler) to be much more helpful than the browser network tools as it lets you see all of the requests. – Jack A. Sep 24 '15 at 18:04
  • I am not using Browser tools. I am using Charles. But I think you have explained it. Thanks – Mark Sep 24 '15 at 18:06

0 Answers0