Azure EventHubs REST API 401 Unauthorized

0
votes

I'm trying to execute eventhubs restapi using curl but it does not work.

curl

curl --proxy $PROXY -i -X "GET" "https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.EventHub/namespaces/$NAME_SPACE/eventhubs/$EVENTHUB?api-version=2017-04-01" -H "Authorization: $TOKEN"

Generate SAS (C#)

var resourceuri = "https://myspacename.servicebus.windows.net/myeventhub";
            var key = "mykey";
            var keyname = "mykeyname";
            TimeSpan sinceEpoch = DateTime.UtcNow - new DateTime(1970, 1, 1);
            var week = 60 * 60 * 24 * 7;
            var expiry = Convert.ToString((int)sinceEpoch.TotalSeconds + week);

            string stringToSign = Uri.EscapeDataString(resourceuri) + "\n" + expiry;
            HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
            var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
            var sasToken = String.Format("SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}", Uri.EscapeDataString(resourceuri), Uri.EscapeDataString(signature), expiry, keyname);
            return sasToken;

Response

{"error":{"code":"AuthenticationFailedInvalidHeader","message":"Authentication failed. The 'Authorization' header is provided in an invalid format."}}

I referred this doc (https://docs.microsoft.com/ja-jp/rest/api/eventhub/Generate-SAS-token?redirectedfrom=MSDN). Furthermore, I tried to use this tool (https://github.com/sandrinodimattia/RedDog/releases/tag/0.2.0.1) but it was same result, too.

Do you have any ideas ?

1
c#azurecurlazure-eventhubazure-cli
Yes, you're a building a SAS token for servicebus.windows.net then calling management.azure.com. Which one is it? If it's the latter, use ARMClient to get an access token, Azure AD libraries (ADAL) or straight up OAuth with curl against login.microsoftonline.com. - evilSnobu
Thank you for replying. I don't know which uri is correct now in this case, so I'll check it. - ssk3

1 Answers

1
votes

The API(https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.EventHub/namespaces/$NAME_SPACE/eventhubs/$EVENTHUB?api-version=2017-04-01) is an Azure Rest API. You could get token like below:

curl -X "POST" "https://login.microsoftonline.com/$TENANTID/oauth2/token" \
-H "Cookie: flight-uxoptin=true; stsservicecookie=ests; x-ms-gateway-slice=productionb; stsservicecookie=ests" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=$APPID" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=$PASSWORD" \
--data-urlencode "resource=https://management.azure.com/"

When you request the API, in the Header, you should use -H "Authorization: Bearer $token". So, you should modify like below:

curl --proxy $PROXY -i -X "GET" "https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.EventHub/namespaces/$NAME_SPACE/eventhubs/$EVENTHUB?api-version=2017-04-01" -H "Authorization: Bearer $token"