AuthenticationFailedInvalidHeader when using the A

2019-09-01 18:34发布

I'm willing to log stuff from my Azure Api Management into an eventhub using policies.

I'm following this documentation : https://docs.microsoft.com/en-us/rest/api/apimanagement/logger/createorupdate

Here is my HTTP Request (using Postman):

PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/resourceGroups/GRP-Poc-BilanHydrique/providers/Microsoft.ApiManagement/service/WaterBalance/loggers/end-user-logger?api-version=2017-03-01 HTTP/1.1
Host: management.azure.com
Authorization: {my token}
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 449f686d-3a86-b714-0b37-979567f6f921

{
  "properties": {
    "loggerType": "azureEventHub",
    "description": "adding a new logger",
    "credentials": {
      "name": "api-management-logs",
      "connectionString": "{my connection string}"
    }
  }
}

I generated my token from the Api Manager UI at this URL : /admin/tenant/access I've checked the expiration.

It look like this :

SharedAccessSignature integration&{date}&{base64stuff}==

Here is a screenshot of where I created that token : screenshot

And here you have the response :

{
"error": {
    "code": "AuthenticationFailedInvalidHeader",
    "message": "Échec de l'authentification. L'en-tête 'Authorization' est fourni dans un format incorrect."
}

I can't figure out what's going on. Any ideas ? Is there a workaround ? Is there any way to create the api management logger through the azure portal ?

Thanks !

UPDATE 01/30 :

Thanks to your answers, I figured out it was not the right API. I've tried the API Management endpoint, and I get a 500 HTTP error :

Request :

PUT /loggers/end-user-logger?api-version=2018-01-01 HTTP/1.1
Host: waterbalance.management.azure-api.net
Authorization: SharedAccessSignature integration&201801301710&{secret}==
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 2618737b-af3e-c7d3-1d31-6b6f654100e9

{
  "properties": {
    "loggerType": "AzureEventHub",
    "description": "adding a new logger",
    "credentials": {
      "name": "end-user-logs",
      "connectionString": "Endpoint=sb://api-management-logs.servicebus.windows.net/;SharedAccessKeyName=Sending;SharedAccessKey={secret}"
    }
  }
}

Response:

     {
    "error": {
        "code": "InternalServerError",
        "message": "Request processing failed due to internal error.",
        "details": null
    }

It doesn't seem to be a token issue since i don't get a Unauthorized error.

2条回答
Summer. ? 凉城
2楼-- · 2019-09-01 19:22

When the Host is management.azure.com, you need to use Bearer token authentication

PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/..?api-version=2017-03-01 HTTP/1.1
Authorization: Bearer <bearer-token>
Host: management.azure.com

When the host is <apimservice>.azure-api.net, then the SharedAccessSignature authentication will work.

PUT /loggers/mylogger?api-version=2017-03-01 HTTP/1.1
Authorization: SharedAccessSignature <token>
Host: apimService.azure-api.net

To generate a Bearer Token you need to refer to Azure Rest Api

查看更多
放荡不羁爱自由
3楼-- · 2019-09-01 19:36

The API PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/resourceGroups/GRP-Poc-BilanHydrique/providers/Microsoft.ApiManagement/service/WaterBalance/loggers/end-user-logger?api-version=2017-03-01 HTTP/1.1 you used is a Azure Rest APi, not API Management API.

For Azure Rest API, you need create a service principal then use it to create a token.

enter image description here

When you call the API, the header is Authorization: Bearer $token

enter image description here

More information about this see this similar question.

查看更多
登录 后发表回答