David David - 2 months ago 44
C# Question

Whats between Application_BeginRequest and DelegatingHandler

Authorization Header is getting stripped from request somewhere between begin_request and DelegatingHandler.SendAsync. Im trying to debug why this is happening.

I have a Delegating Handler in my WebApi designed to validate the Json WebToken. Unfortunately when SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) fires the Authorization property of the request is null.

However in Application Begin Request the Authorization Header appears to be received from the client.

{Connection=keep-alive&Authorization=Bearer+ey[Deleted Most]9g&Host=}

I need to get the Authorization value in my SendAsync so I can Validate it.

Why is it being removed?

Or short of that what actions\events occur before the DelegatingHandler that might be altering the headers and removing it?

Microsoft.AspNet.WebApi version 5.2.3
on IIS version 10.0.10586.0
running on Windows 10 build 10586.494


Not a complete answer but http://jameschambers.com/2013/11/working-with-iauthenticationfilter-in-the-mvc-5-framework/

Answered a portion of what occurs before the Delegating Handler that calls the third party. By creating a ActionFilterAttribute, IAuthenticationFilter the Authentication can be intercepted and handled in whatever custom way is desired.