I need to consume a web resource from a VB.NET app. I have successfully retrieved the access token and am ready to use it to make calls to the protected resource. However, everytime I call the protected resource I receive a 401 Unauthorized response because the Authorization field has not been added to the header.
Here is my code.
WebRequest = DirectCast(Net.WebRequest.Create(ApiUri), HttpWebRequest)
WebRequest.Method = "POST"
WebRequest.ContentType = "application/json"
WebRequest.ContentLength = Bytes.Length
Dim RequestStream As IO.Stream = WebRequest.GetRequestStream
RequestStream.Write(Bytes, 0, Bytes.Length)
RequestStream.Close()
WebRequest.Headers("Authorization") = "OAuth " & _
"oauth_version=""1.0""," & _
"oauth_nonce=""" & Nonce & """," & _
"oauth_timestamp=""" & TimeStamp & """," & _
"oauth_consumer_key=""" & ConsumerKey & """," & _
"oauth_token=""" & Token & """," & _
"oauth_signature_method=""HMAC-SHA1""," & _
"oauth_signature=""" & Signature & """"
WebResponse = DirectCast(WebRequest.GetResponse(), HttpWebResponse)
I then monitor the request using Fiddler. All I see in Fiddler is the request with the 401 response as shown below (excluding the bodies).
Request
POST ***url*** HTTP/1.0
Content-Type: application/json
Host: ***host***
Content-Length: 45
Connection: Keep-Alive
Response
HTTP/1.0 401 Unauthorized
X-Powered-By: PHP/5.3.13
WWW-Authenticate: Basic realm="***realm***"
Content-type: application/json
Content-Length: 79
Connection: keep-alive
Date: Mon, 07 Jan 2013 01:13:22 GMT
Server: lighttpd/1.4.28
Everywhere I’ve read on the internet indicates that HttpWebRequest should first challenge the server and receive a 401 response as I’m seeing here. It should then try again with the Authorization field added to the header and get the 200 OK response. This second part doesn’t happen. Am I not understanding how this works correctly, or am I doing something wrong?
Turns out you need to add the content using a BinaryWriter, not a Stream.
So instead of this.
Do this.