Is setting the Authorization header in HttpClient safe?

Question

I\'m working in a MVC5 ASP.NET project, and learned that to send authenticated requests to a WEB API from the controller I could do the following to add a token to the heade

Answer 1

Will other users have a way to access this same token, given that there is only one instance of this HttpClient?

Yes, that is why you need to be careful when setting the default headers.

Would I need to add the header each time I'm making a request with the same HttpClient object?

No, because you set the default header all requests created with that object will have the header.

For things like a Bearer token it is better to not put in the default headers and instead put it in the request header by creating a new HttpRequestMessage object, setting the headers you need there, then using HttpClient.SendAsync( passing in the request message to send the headers along with your request.