Sending and getting http headers

Question

I am working on an asp.net Web API and I have an web application that consumes this api. Right now it is working perfectly since I don't have the [Authorize] part on my api controller. So, if I want to secure this api, my web application will not be able anymore to fetch data from the API because it is not authorized. So how can I send the token generated from my API to my web app and to allow it to fetch the needed data? -I am using postman for testing my app; -my api return jwt token; -I am not really familiar with http headers.

My consuming web application controller :

        public ActionResult Index()
        {
            IEnumerable<OperatorClass> OperatorObject = null;
            HttpClient client = new HttpClient();
            client.BaseAddress = new Uri("https://localhost:44304/api/");
            var ApiOpController = client.GetAsync("data");
            client.DefaultRequestHeaders.Add("Authorization", "Bearer"+"");
            ApiOpController.Wait();
            var resultDisplay = ApiOpController.Result;
            if (resultDisplay.IsSuccessStatusCode)
            {
                var readTable = resultDisplay.Content.ReadAsAsync<IList<OperatorClass>>();
                readTable.Wait();
                OperatorObject = readTable.Result;

            }
            else
            {
                OperatorObject = Enumerable.Empty<OperatorClass>();
                ModelState.AddModelError(String.Empty, "No records found");
            }
            return View(OperatorObject);
        }

My web API controller

[Authorize]
[HttpGet]
public IHttpActionResult GetOperators()
{
    SchoolEntity myEntity = new SchoolEntity ();
    IList<OperatorClass> OperatorObject = myEntity.Operator.Include("Operator").Select(x => new OperatorClass()
    {
        name = x.name,
        lastname = x.lastname,
        mobile = x.mobile,
        username = x.username,
        password = x.password
    }).ToList<OperatorClass>();
    return Ok(OperatorObject);
}

Answer 1

string token = <Your token>
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {token}");

this should work for you.

To be able to use your MVC controller, you need to store the token when it returns. One way to do it is to store it using Session.

Assuming you are using sign in to get the token, anytime you sign in successfully you can store the token using the session. See below.

//For brevity after successful login
string myToken = <token returned from api>
HttpContext.Session.SetString("token", myToken);
//other codes

then you can use this in all of your controllers.

public async Task<ActionResult> Index()
        {
            IEnumerable<OperatorClass> OperatorObject = null;
            HttpClient client = new HttpClient();
            client.BaseAddress = new Uri("https://localhost:44304/api/");
            
            //note here
            var token = HttpContext.Session.GetString("token");
            client.DefaultRequestHeaders.Add("Authorization", $"Bearer {token}");
            //ApiOpController.Wait();
            var resultDisplay = await client.GetAsync("data");
            if (resultDisplay.IsSuccessStatusCode)
            {
                var readTable = await resultDisplay.Content.ReadAsAsync<IList<OperatorClass>>();
                //readTable.Wait();
                OperatorObject = readTable;

            }
            else
            {
                OperatorObject = Enumerable.Empty<OperatorClass>();
                ModelState.AddModelError(String.Empty, "No records found");
            }
            return View(OperatorObject);
        }