Authenticated WCF Data Service through Azure Service Bus

1
votes

I'm stuck on this. I have a WCF Data Service that successfully creates an HTTPS endpoint in the Azure Service Bus.

I originally set the service up for testing using <security relayClientAuthenticationType="None" /> and I was able to consume the service just fine in a client.

The data going through this service will be sensitive, however, so to lock it down I switched to <security relayClientAuthenticationType="RelayAccessToken" /> in the Web.Config file of the service.

I am using the following code to obtain my token:

static string GetToken(string serviceNamespace, string issuerName, string issuerPassword)
    {
        if (_token == null)
        {
            string acsEndpoint = "https://" + serviceNamespace + "-sb.accesscontrol.windows.net/WRAPv0.9";
            string relyingPartyAddress = "http://" + serviceNamespace + ".servicebus.windows.net";

            NameValueCollection postData = new NameValueCollection
            {
                { "wrap_scope", relyingPartyAddress },
                { "wrap_name", issuerName },
                { "wrap_password", issuerPassword },
            };

            WebClient webClient = new WebClient();
            byte[] responseBuffer = webClient.UploadValues(acsEndpoint, "POST", postData);
            string response = Encoding.UTF8.GetString(responseBuffer);
            response = Uri.UnescapeDataString(response);

            string[] tokenVariables = response.Split('&');

            int tokenIndex = Array.FindIndex(tokenVariables, s => s.StartsWith("HMACSHA256"));

            string[] tokenVariable = tokenVariables[tokenIndex].Split('=');

            _token = HttpUtility.UrlDecode(tokenVariable[1]);
        }

        return _token;
    }
static string _token = null;

And then I use context.SendingRequest += new EventHandler<SendingRequestEventArgs>(OnSendingRequest); and the following to add my token to the header of my REST request:

static void OnSendingRequest(object sender, SendingRequestEventArgs e)
    {
        e.RequestHeaders.Add(
            "Authorization",
            string.Format("WRAP access_token=\"{0}\"", GetToken("MyNamespace", "owner", "MySecret") )
            );
    }

And then my request takes the following form (Which worked perfectly before the security was added)

try
        {
            var results = (from b in context.Banks where b.Bank1 != "Bank1" select b).Take(200).ToList();
            ViewBag.Results = results;
        }
        catch (DataServiceQueryException ex)
        {
            ViewBag.Message = "Authentication failed. A new token will be requested.";
            var code = ex.Response.StatusCode;
            if (code == 401)
                _token = null;
        }

While I was developing the code to get and attach the token I ran in to plenty of token errors, so I believe that I am successfully getting a token now, but now I get the following error:

500TrackingId:38940805-f9b3-4444-a8e3-2a00b2309cf6_G0, Timestamp:11/11/2012 11:48:33 AM Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.Services.Client.DataServiceClientException: 500TrackingId:38940805-f9b3-4444-a8e3-2a00b2309cf6_G0, Timestamp:11/11/2012 11:48:33 AM Source Error: Line 31: context.SendingRequest += new EventHandler(OnSendingRequest); Line 32: Line 33: var results = (from b in context.Banks where b.Bank1 != "Bank1" select b).Take(200).ToList(); Line 34: Line 35: try Source File: c:\Users\v-tadam.REDMOND\Documents\Visual Studio 2012\Projects\CFARPOC\CFARPOCClient\Controllers\HomeController.cs Line: 33 Stack Trace: [DataServiceClientException: 500TrackingId:38940805-f9b3-4444-a8e3-2a00b2309cf6_G0, Timestamp:11/11/2012 11:48:33 AM] System.Data.Services.Client.QueryResult.Execute() +414618 System.Data.Services.Client.DataServiceRequest.Execute(DataServiceContext context, QueryComponents queryComponents) +131 [DataServiceQueryException: An error occurred while processing this request.] System.Data.Services.Client.DataServiceRequest.Execute(DataServiceContext context, QueryComponents queryComponents) +432 System.Data.Services.Client.DataServiceQuery`1.Execute() +77 System.Data.Services.Client.DataServiceQuery`1.GetEnumerator() +13 System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369 System.Linq.Enumerable.ToList(IEnumerable`1 source) +58 CFARPOCClient.Controllers.HomeController.Banks() in c:\Users\v-tadam.REDMOND\Documents\Visual Studio 2012\Projects\CFARPOC\CFARPOCClient\Controllers\HomeController.cs:33 lambda_method(Closure , ControllerBase , Object[] ) +101 System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +211 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27 System.Web.Mvc.Async.c__DisplayClass42.b__41() +28 System.Web.Mvc.Async.c__DisplayClass8`1.b__7(IAsyncResult _) +10 System.Web.Mvc.Async.WrappedAsyncResult`1.End() +57 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +48 System.Web.Mvc.Async.c__DisplayClass39.b__33() +57 System.Web.Mvc.Async.c__DisplayClass4f.b__49() +223 System.Web.Mvc.Async.c__DisplayClass37.b__36(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResult`1.End() +57 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +48 System.Web.Mvc.Async.c__DisplayClass2a.b__20() +24 System.Web.Mvc.Async.c__DisplayClass25.b__22(IAsyncResult asyncResult) +102 System.Web.Mvc.Async.WrappedAsyncResult`1.End() +57 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +43 System.Web.Mvc.c__DisplayClass1d.b__18(IAsyncResult asyncResult) +14 System.Web.Mvc.Async.c__DisplayClass4.b__3(IAsyncResult ar) +23 System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +57 System.Web.Mvc.Async.c__DisplayClass4.b__3(IAsyncResult ar) +23 System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +47 System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10 System.Web.Mvc.c__DisplayClass8.b__3(IAsyncResult asyncResult) +25 System.Web.Mvc.Async.c__DisplayClass4.b__3(IAsyncResult ar) +23 System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +47 System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9629708 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

This error is not helping me find the problem. What am I doing wrong? Consuming the service worked flawlessly before the security was implemented, and I've done all the research I can in to how to get the token and attach it to my request. Does anything jump out that I have done incorrectly?

1
azurewcf-data-servicesazureservicebus

1 Answers

4
votes

I found my mistake. I had a fundamental misunderstanding of what constituted the token. For some reason I got it in my head that it was the text that followed "HMACSHA256" when in fact the token was everything in the response that follows "wrap_access_token=" (which seems obvious now...)

Anyway, if anyone else has this issue, the 500 error code is being thrown because the token is being correctly retrieved but the wrong token is being added to the request header. I tested this by attaching "GARBAGETOKEN" and observing the same behavior.

The following is a valid GetToken method:

static string GetToken(string serviceNamespace, string issuerName, string issuerPassword)
    {
        if (_token == null)
        {
            string acsEndpoint = "https://" + serviceNamespace + "-sb.accesscontrol.windows.net/WRAPv0.9";
            string relyingPartyAddress = "http://" + serviceNamespace + ".servicebus.windows.net";

            NameValueCollection postData = new NameValueCollection
            {
                { "wrap_scope", relyingPartyAddress },
                { "wrap_name", issuerName },
                { "wrap_password", issuerPassword },
            };

            WebClient webClient = new WebClient();
            byte[] responseBuffer = webClient.UploadValues(acsEndpoint, "POST", postData);
            string response = Encoding.UTF8.GetString(responseBuffer);

            string token = response.Split('&')
                .Single(value => value.StartsWith("wrap_access_token=") )
                .Split('=')[1];

            _token = HttpUtility.UrlDecode(token);
        }

        return _token;
    }
    static string _token = null;

Hopefully my folly helps someone else :)