Unable to pass Authorization header

[JulianJJ]

Expected Behavior

When I pass Authorization header I should receive in the target API just like dapr api key

Actual Behavior

Authorization header is not received in the target API

[WhitWaldo]

Could you share some more information about what you're calling and how? Bonus points if you could share a simple repro project!

[WhitWaldo]

@JulianJJ I put together my own sample project and was unable to reproduce what you're seeing. Again, your own repro would be helpful, but in lieu of that, could you answer a couple of questions for me:

• Could you confirm that you're using InvokeMethodAsync and passing it an HttpRequestMessage decorated with the Authorization header?
• Does the receiving API receive the request at all?
• Do you see any headers on the target API? Is it only missing the Authorization header?

[JulianJJ]

@WhitWaldo Thanks for the reply.
Here is the part of the code..
Source Call from backend of Service A
var request = _daprClient.CreateInvokeMethodRequest(method, "serviceb", methodName, new List<KeyValuePair<string, string>>(), request);
req.Headers.Add("test-api-key","test"); //pass
req.Headers.Add("authorization,"Bearer tokenstring"); //Doesn't work
req.Headers.Authorization = new AuthenticationHeaderValue("Bearer ", "tokenstring"); //Doesn't work
var result = await _serviceClient.InvokeMethodAsync(req, token);

API in Service B

[Authorize]
public class TestController : ControllerBase
{
[HttpGet]
public IActionResult Get()
{
return Ok("Pass");
}

}

The Service B get 401 Unauthorized as the Bearer token is never passed along with the request. I can see I get test-api-key in the request header in Service B but not the authorization header.

[WhitWaldo]

@JulianJJ Thank you for the additional details.

I added a unit test to the suite to validate that all headers passed in with an HttpRequestMessage to InvokeMethodAsync on the client are present in the request it makes via the HTTP client and that's passing as expected.

I then created two simple ASP.NET Core repro projects in which I passed a GET request from Service A to Service B, creating the request as you did via _daprClient.CreateInvokeMethodRequest and supplementing it with "test-api-key:test", "Authorization:Bearer abc123" and "Accept:application/json" and all headers are present when I break on the inbound request to my Service B controller. We should definitely add this as an end-to-end test to validate, but I'm afraid I'm simply unable to reproduce the problem you're describing.

Could you glob together a minimal repro project so I might step through it?

Is it possible that you have anything on Service B that's stripping the headers off?