Why can't I get the headers in Web Api?

Question

I've searched a lot and can't figure it out what I am missing.

I'm trying to send headers in an ajax call:

        $.ajax({
            type: "GET",
            url: url,
            dataType: 'jsonp',
            headers: { "Authorization": "98765", "X-My-Secret-Token": "WhyCantIGetThis", "JustAnotherTest": "314987" },
            //beforeSend: function (request) {
            //    request.setRequestHeader("Authorization", "98765"); -> I tried this way too
            //},
            success: function (data) {
                $('#value1').html(data);
            }
        })

And get that in:

       public override void OnActionExecuting(HttpActionContext actionContext)
       {
            var header_X_My_Secret_Token = actionContext.Request.Headers.SingleOrDefault(x => x.Key == "X-My-Secret-Token");
            var header_Authorization = actionContext.Request.Headers.SingleOrDefault(x => x.Key == "Authorization");
            var header_JustAnotherTest = actionContext.Request.Headers.SingleOrDefault(x => x.Key == "JustAnotherTest");

            var heeder_Authorization2 = actionContext.Request.Headers.Authorization;
        }

But it's all null. Does anyone can tell me why? Thanks. [Edit]

I can get the header in same domain ajax call. But I need to get it in cross domain too. How do that? Thanks

Answer 1

You can try this one, in my case its working.

IEnumerable<string> values = new List<string>();
actionContext.Request.Headers.TryGetValues("Authorization", out values);

Answer 2

For anyone who's still searching an answer...

I just had to enable CORS:

Install-Package Microsoft.AspNet.WebApi.Cors

using System.Web.Http;
namespace WebService
{
    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            EnableCors(); \\<==============

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }
}

http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

Answer 3

Before you can send headers to in a cross domain request, chrome is going to use CORS to determine which headers can be sent. To enable the browser to send the headers you want you can add an OPTIONS method to your controller.

   public HttpResponseMessage Options()
    {

        var response = new HttpResponseMessage();
        response.Headers.Add("Access-Control-Allow-Headers", Request.Headers.GetValues("Access-Control-Request-Headers").FirstOrDefault() );
        response.Headers.Add("Access-Control-Allow-Origin", "*");
        response.Headers.Add("Access-Control-Allow-Method", "GET");
        return response;
     }