Search code examples
c#oauth-2.0http-headershttp-postboxapiv2

Custom header not included in the http post request

Box.com's Enterprise User Provisioning API requires OAUTH2 token in the header of the request ("Authorization: Bearer faKE_toKEN_1234"). I've ran the code below against http://www.xhaus.com/headers, http://httpbin.org/post and http://www.cs.tut.fi/cgi-bin/run/~jkorpela/echo.cgi and observed packets with Microsoft Network Monitor and as far as I know my request header does not include the "Authorization" value I wish to include there.

Is the code below missing something (code or a point)?

    HttpWebRequest request = (HttpWebRequest) WebRequest.Create(API_URL);
    request.Method = "POST";
    request.ServicePoint.Expect100Continue = false;
    request.ContentType = "application/x-www-form-urlencoded";
    request.Timeout=10000;

    string postData = Parameters;
    ASCIIEncoding encoding = new ASCIIEncoding ();
    byte[] byte1 = encoding.GetBytes (postData);
    request.ContentLength = byte1.Length;
    Stream reqStream = request.GetRequestStream();
    reqStream.Write(byte1, 0, byte1.Length);
    reqStream.Close();

    //This is puzzling me, why can't I see this header anywere 
    //when debugging with packet monitor etc?
    request.Headers.Add("Authorization: Bearer " + access_token);


    HttpWebResponse response = (HttpWebResponse) request.GetResponse();
    Stream dataStream = response.GetResponseStream ();
    StreamReader reader = new StreamReader (dataStream);
    string txtResponse = reader.ReadToEnd ();
    return txtResponse;
Solution

  • I think you need to set the header before you write the postData and close the request stream. This appeared to work for me:

    static void Main(string[] args)
{
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://www.xhaus.com/headers");
    request.Method = "POST";
    request.ServicePoint.Expect100Continue = false;
    request.ContentType = "application/x-www-form-urlencoded";
    request.Timeout = 10000;

    request.Headers.Add("Authorization: Bearer_faKE_toKEN_1234");

    string postData = "postData";
    ASCIIEncoding encoding = new ASCIIEncoding();
    byte[] byte1 = encoding.GetBytes(postData);
    request.ContentLength = byte1.Length;
    Stream reqStream = request.GetRequestStream();
    reqStream.Write(byte1, 0, byte1.Length);
    reqStream.Close();

    HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    Stream dataStream = response.GetResponseStream();
    StreamReader reader = new StreamReader(dataStream);
    string txtResponse = reader.ReadToEnd();

    Console.WriteLine(txtResponse);
    Console.ReadKey();
}