HTTP 401 user is unauthorized on web service call from C#, works in Postman

Question

I am trying to call a service by adding reference of it in my C# console application. It requires bearer authentication.

When I post from Postman, it works fine and returns the response. But when I access it from my C# code, it returns a http 401 error.

Postman CURL looks like this:

curl --location 'https://api-secure-uat.com/v1' \
--header 'Content-Type: text/xml' \
--header 'SOAPAction: http://secure.com/Services/v1/CreateSession' \
--header 'Authorization: Bearer qv5bBU9HuQ0F5p3CT5EXAXbXd3w2' \
--data '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<CreateSession xmlns="http://secure.com/Services/v1/">
<reqCreateSession>
<client>
<name>hrix03hQoSwweIE1NuHrDHu5Ooz66jmx</name>
<clientId>hrix03hQoSwweIE1NuHrDHu5Ooz66jmx</clientId>
<appservername>test-client</appservername>
<appserverip>10.10.10.10</appserverip>
<appservertimestamp>2023-12-26T16:28:59.704Z</appservertimestamp>
<SubClientId xsi:nil="true"/>
<SubClientName xsi:nil="true"/>
<SalesAgentId xsi:nil="true"/>
<SalesAgentName xsi:nil="true"/>
</client>
</CreateSession>
</soap:Body>
</soap:Envelope>'

I am trying this C# code to call the service method:

BasicHttpBinding binding = new BasicHttpBinding
    {
         Security = new BasicHttpSecurity
         {
              Mode = BasicHttpSecurityMode.Transport
         }
    };

// Create an instance of the service client
CoAServicesClient optixServiceclient = new CoAServicesClient(binding, new EndpointAddress(url));
    
// Add Bearer token to the HTTP request headers
HttpRequestMessageProperty requestProperty = new HttpRequestMessageProperty();
requestProperty.Headers["Authorization"] = $"Bearer {bearerToken}";

OperationContextScope contextScope = new OperationContextScope(optixServiceclient.InnerChannel);
            
OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = requestProperty;

try
{
    // Calling service method here
    CreateSessionResponse csResponse = optixServiceclient.CreateSessionAsync(GetCreateSessionObject()).Result;

    // Process the result here
    Console.WriteLine($"Service response: {csResponse}");
}
catch (Exception ex)
{
    Console.WriteLine($"Error calling service: {ex.Message}");
}

I can see that I am passing the correct headers but still getting 401.

Can anyone guide what could be wrong with code that its not working?

The best part is, even SOAPUI is throwing same error 401 while only postman seems to be working. Can I get any clue as to what could possibly be wrong?

Answer 1

Try code:

CoAServicesClient optixServiceclient=new CoAServicesClient();
var httpRequestProperty = new HttpRequestMessageProperty();
httpRequestProperty.Headers["Authorization"] = $"Bearer {bearerToken}";
OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestProperty;

Generally speaking, you do not need to write endpoints and bindings with service references.

CoAServicesClient optixServiceclient=new CoAServicesClient();

If you have other settings in the webservice, it should be said separately.

When calling a service, use:

CreateSessionResponse csResponse = optixServiceclient.CreateSessionAsync(GetCreateSessionObject()).Result;

However, this method is generally used by the WCF. I think you can try httpclient as well.