如果您的标头通常是相同的，那么您可以设置 DefaultRequestHeaders.但是您不需要使用该属性来指定标题.正如您已经确定的那样，如果您要使用同一个客户端有多个线程，那将不起作用.对一个线程上的默认标头所做的更改会影响在其他线程上发送的请求.

尽管您可以在客户端上设置默认标头并将它们应用于每个请求，但标头实际上是请求的属性.因此，当标头特定于请求时，您只需将它们添加到请求中即可.

request.Headers.Authorization = new AuthenticationHeaderValue("bearer", bearerToken);

这意味着您不能使用不涉及创建 HttpRequest 的简化方法.你需要使用

public TaskSendAsync(HttpRequestMessage 请求)

记录在此处.>

有些人发现使用扩展方法将更新标题的代码与方法的其余部分隔离开很有帮助.

通过扩展方法完成的 GET 和 POST 方法示例，允许您在发送之前操作请求标头和更多 HttpRequestMessage:

public static Task获取异步(这个HttpClient httpClient, string uri, Action preAction){var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, uri);preAction(httpRequestMessage);返回 httpClient.SendAsync(httpRequestMessage);}公共静态任务PostAsJsonAsync;(这个HttpClient httpClient，字符串uri，T值，ActionpreAction){var httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, uri){内容 = 新对象内容(值, 新 JsonMediaTypeFormatter(), (MediaTypeHeaderValue)null)};preAction(httpRequestMessage);返回 httpClient.SendAsync(httpRequestMessage);}

这些可以像下面这样使用:

var response = await httpClient.GetAsync("token",x =>x.Headers.Authorization = new AuthenticationHeaderValue("basic", clientSecret));

Given that the .net HttpClient has been designed with reuse in mind and is intended to be long lived and memory leaks have been reported in short lived instances. What guide lines are there where you want to make restful calls to a given endpoint using different bearer tokens (or any authorization header) when calling the endpoint for multiple users?

private void CallEndpoint(string resourceId, string bearerToken) {
  httpClient.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("bearer", bearerToken);
  var response = await httpClient.GetAsync($"resource/{resourceid}");
}

Given the above code could be called by any number of threads on a web application it is easily possible that the header set in the first line is not the same one that is used when calling the resource.

Without causing contention using locks and maintaining a stateless web application what is the recommended approach to creating and disposing HttpClients for a single endpoint (My current practice is to create a single client per endpoint)?

---

Lifecycle

Although HttpClient does indirectly implement the IDisposable interface, the recommended usage of HttpClient is not to dispose of it after every request. The HttpClient object is intended to live for as long as your application needs to make HTTP requests. Having an object exist across multiple requests enables a place for setting DefaultRequestHeaders and prevents you from having to respecify things like CredentialCache and CookieContainer on every request, as was necessary with HttpWebRequest.

If your headers are usually going to be the same then you can set the DefaultRequestHeaders. But you don't need to use that property to specify headers. As you've determined, that just wouldn't work if you're going to have multiple threads using the same client. Changes to the default headers made on one thread would impact requests sent on other threads.

Although you can set default headers on the client and apply them to each request, the headers are really properties of the request. So when the headers are specific to a request, you would just add them to the request.

request.Headers.Authorization = new AuthenticationHeaderValue("bearer", bearerToken);

That means you can't use the simplified methods that don't involve creating an HttpRequest. You'll need to use

public Task<HttpResponseMessage> SendAsync(HttpRequestMessage request)

documented here.

---

Some have found it helpful to use extension methods to isolate the code that updates the headers from the rest of a method.

Example of GET and POST methods done through an extension method that allow you to manipulate the request header and more of the HttpRequestMessage before it is sent:

public static Task<HttpResponseMessage> GetAsync
    (this HttpClient httpClient, string uri, Action<HttpRequestMessage> preAction)
{
    var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, uri);

    preAction(httpRequestMessage);

    return httpClient.SendAsync(httpRequestMessage);
}

public static Task<HttpResponseMessage> PostAsJsonAsync<T>
    (this HttpClient httpClient, string uri, T value, Action<HttpRequestMessage> preAction)
{
    var httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, uri)
    {
        Content = new ObjectContent<T>
            (value, new JsonMediaTypeFormatter(), (MediaTypeHeaderValue)null)
    };
    preAction(httpRequestMessage);

    return httpClient.SendAsync(httpRequestMessage);
}

These could then be used like the following:

var response = await httpClient.GetAsync("token",
    x => x.Headers.Authorization = new AuthenticationHeaderValue("basic", clientSecret));