Why is the scheme required for AuthenticationHeaderValue?

Question

I am setting the authorization header of an HttpClient in the following manner:

httpClient
    .DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(null, "abc");

...but am getting the exception:

"scheme" of the AuthenticationHeaderValue cannot be null.

Why must the AuthenticationHeaderValue have a scheme? Is this required by a specific RFC?

Answer 1

The scheme is used to determine what kind of authentication you are using:

• Basic
• Oauth
• Bearer
• Digest
• etc.

The header will look like this:

{
   "key": "Authorization",
   "value": "<scheme> <parameter>"
}

Try to use Postman to see what is generated based on the different types of authentication supported by HTTP.

Answer 2

Sometimes you cannot set the Authorization header with a scheme. This is also the case on a project where I am working on right now. I need to connect to the API from TOPdesk, but there is no scheme specified.

The Authorization header from TOPdesk must have a value like TOKEN id="0d1739df-8952-41c0-94cd-b25287446b22" so I cannot use a scheme. I solved the problem by adding the Authorization header like the following example, and it works like a charm.

client.DefaultRequestHeaders.Add("Authorization", $"TOKEN id=\"{token}\"");

I know it is a old question but I thought that maybe someone in the future will look at this answer and find it usefull. I came across this question the same way.