Application Programming Interface (API) Problem:

I followed Scott Allen’s ASP.NET MVC 5 Fundamentals on Plural, and I can successfully request a token with a simple HTML page, but now I have to try it with Fiddler. The reason I have to test it with Fiddler is that it’s actually my apu’s name. The app for the ios device is being written, and I have to do the api part.

Well, I’m going to the Fiddler:


POST http://localhost:53140/token HTTP/1.1
Content type: application/json
Host: localhost:53140
Content length : 50

grant_type=password :


and I get 400, which is a bad request.

I changed the content type to: application/x-www-form-url-coded, but still 400.

What am I doing wrong?


I even tried with username=username and password=password and I’m still not satisfied.


Oops, Grant_type was in the wrong place. He must have been inside the body:


Now I get the message that the username or password is invalid:

I keep the position active because it could be a red herring.

How do you solve the API problem?

Solution 1:

Make sure there are no spaces or line breaks in the violin after grant_type=password&username=username&password=password.

Solution 2:

I got the same error message while troubleshooting.

{error:invalid_grant,error_description:username or password is incorrect}.

while I tried this class myself. It seems that the username stored in the local database is actually the email address, not the username specified in the JSON payload when calling the Web API /api/Account/Register. You can check this by performing a T-SQL query in the [AspNetUsers] table. (If you use the LocalDb database, you can open the database in the project’s App_Data with Show All Files).

Please note that after confirming your real username as your email address, the email address (and your password, if applicable) must be encoded with the URL when you request /api/Token.
For example:

grant_type=password and

I hope this helps.

Solution 3:

You can write
Host: localhost:17271
Content length in the script: 81
Type Type of content: application/x-www form-url coding; charset=UTF-8

You can write
grant_type=password&username=Alice&password=password123&response_type=token in the requesting organization.

I hope somebody can help me, because my problem is solved with these kind of requests.

Solution 4:

Here is how I work with Fiddler4 (these instructions assume that you start from scratch):

  1. Creating a new MVC Web API 2 project in Visual Studio 2015
  2. Make sure you set up authentication for individual user accounts (assuming you want to).
  3. After loading, create a project and run the web application to make sure it works.
  4. By default, the ASP.NET Getting Started… page with navigation links at the top of the homepage and the API.

For now I am thinking of changing the default connection in my Web.config file to point to the SQL server where I will host the ASP.NET identity tables, but you should not only use the default localDb.

  1. Start Fiddler4 and then right click on the Composer tab.

trying to get a oauth token using fiddler –

  1. Change the request type in POST and then change the URL to the URL of your local site that you have previously executed (e.g. the VS Web API 2 project):


  1. Change the header as follows:

User Agent : Violin
Type of contents: application/json; charset=UTF-8

  1. In the body of the application, for example, you need to compile your JSON data. B. the account you register:

e-mail :
Password: YourPassw0rd!,
ConfirmPassword : YourPassw0rd!

  1. Once your site is online, click Run in the top right corner.

trying to get a oauth token using fiddler –

  1. If this succeeds, you should see a 200-reply on the left side of Fiddler4 confirming that the Account Controller API registration action has been successfully registered by the new user.
  2. You can now test your user account by requesting an authorization token. Clean the content of the application organization in Fiddler4 and change the type to POST if necessary.
  3. Change the header as follows:

User Agent : Violin
Type of contents: application/json; charset=UTF-8

  1. In the main part of the application, add the following (the change of your account values is obvious)

grant_type=password&[email protected]&password=Passw0rd!

  1. Click Run again, and you should see a response from 200 violinists to the left of Fiddler4 :


  1. Double click on the answer to open the Inspector tab on the right side of Fiddler4, which should display the authorization information in JSON format (you can also view it as raw data by clicking on the Raw tab).
  2. Look for the string access_token=, which contains the access token needed to execute media type queries.

Simply put: That’s what’s happening now:

a. You authenticate yourself and receive a signature.

b. All API endpoint requests are executed using a bearer token specified in the header of your request.

c. You send the received automatic button, it will be confirmed and your request will be processed.

d. You must ensure that the Web 2 API endpoints in the methods and/or classes have [Allow] enabled to secure these areas.

e. If the authentication token has expired (defined in the class App_StartStartup.Auth.cs ‘AccessTokenExpireTimeSpan’…), you need to manage it, for example. B. my request invokes a stupid method that requires authorization, if it fails then AngularJS’s client-side code redirects the user to a login screen where a valid user can request another authentication token by logging in.

* note* I’m keeping the expiration time of my car guzzlers at 30 minutes.

Okay, now use this badge in Fiddler 4……

  1. Start Fiddler4 and in the right tab Set the type to GET (delete the content of the requesting authority if necessary)
  2. Change the header as follows:

User Agent : Fiddler
Host: localhost:49598
Authorization : Wear yours for a long, long, long time….

  1. Change the url to a good old api/value endpoint:


  1. Click on Run and if it succeeds, you will see a response of 200 on the left:

200 HTTP local host: 49598 /api/values

  1. Double-click on this answer and the Inspector tab opens with the JSON answer.

trying to get a oauth token using fiddler –

This completes the use of Fiddler4 for testing Oauth2 with the Web 2 API. I hope somebody finds this useful. If you notice any errors, please let me know in the comments and I will update this answer.

Solution No 5:

One of the problems I see is that it looks like the username and password is put in the body of the request like a json string. It must be a text without quotation marks:


Then make sure you have the type of content: app/x-www-form-urlencoded

Solution No 6:

I’m not familiar with Scott’s course, but in general, for OAuth2, you make a GET request to the authorisation server with references, which then gives you the authorisation code, which you POST to the token server with other things to get your token.

I don’t know any shortcut to getting a token by just going through the token server.

Good luck!

how to pass api key in header in fiddler,fiddler auth header,fiddler add authorization header,www authenticate basic realm fiddler,fiddler windows authentication,how to add request header in fiddler,fiddler authentication username password,fiddler pass jwt token,how to pass client id and secret in fiddler,http basic authentication fiddler,fiddler api testing,how to use fiddler with visual studio,fiddler script examples,fiddler authorization bearer,fiddler http basic authentication,fiddler base64 encode,how to add header and body in fiddler composer,bearer token

You May Also Like

10 of the best torrent sites in 2021 (Legal&Working) – Torrent

In this article, you will find a list of the top 10…

Zoom Camera Not Working on Lenovo laptop? (7 Quick solutions to fix it)

Since the days of Covid 19, Zoom (one of the most popular…

Dell Latitude 5511 Specs: Full Specifications

Width delta 5511 Sheet specification The Dell Latitude 5511 2020 is equipped…

10 Best Screenshot Applications For Windows 10

Related Tags:  greenshot, snagit, lightshot, screen capture, best free screenshot software, free screen capture tool windows 10, screenshot…