当未直接获取访问令牌时，使用 .Net HttpClient 使用 Rest API 无法授权

服务器是一个 .net 核心 API，它使用 Identity 进行身份验证/授权和SimpleTokenProvider来生成 JWT 令牌。特定端点需要角色授权。

[Authorize(Roles = "Admin")]

当我从不同的控制器操作方法获取令牌，将令牌保存在会话中并尝试使用该令牌调用 API 时，或者当我对从 Postman 获取的令牌进行硬编码并将其传递给 API 时，用户得到在服务器上进行了身份验证，但无法授权。

用户获得授权的唯一方法是我在同一个控制器操作方法中请求令牌。它也可以从 Postman 正常工作。

客户端代码如下：

    string token = "ew0KICAiYWxnIjogIkhTMjU2IiwNCiAg...";

    HttpClient client = new HttpClient(handler);
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));    
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
    HttpResponseMessage httpResponse = client.GetAsync("http://localhost:5001/api/dashboard").Result;
          if (httpResponse.IsSuccessStatusCode)
          {
             Console.Write(httpResponse.Content.ReadAsStringAsync().Result);
          }  

从服务器日志中，同一端点的授权调用具有以下内容：

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5001/api/dashboard     
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Identity.Application.
    Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: Successfully validated the token.
    Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Bearer.
    Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization was successful for user: xxxxx.
    Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization was successful for user: xxxxx.

而未经授权的调用有以下日志：

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5001/api/dashboard  
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: Successfully validated the token.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Bearer.
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization was successful for user: xxxxx.
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: xxxxx.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware:Information: AuthenticationScheme: Bearer was forbidden.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Identity.Application was challenged.

我不知道需要向 HttpClient 添加什么其他选项才能使授权工作。