Azure Analysis rest api : 401 Unauthorized. "Authentication failed."

Question

I'm trying to make a data partition refresh (post) following this azure documentation : https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-async-refresh

Either with post or get I got 401 Unauthorized (Even when the service is Off !).

I got the token from azure AD (ServicePrincipalCredential). I added the AD as Analysis Services Admins (https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-server-admins) I gave the owner role to AD in Analysis Services IAM.

it worked with Analysis Services management rest api (https://docs.microsoft.com/en-us/rest/api/analysisservices/operations/list) With the same authentification (got code response 200)

My python code :

from azure.common.credentials import ServicePrincipalCredentials
import requests

credentials = ServicePrincipalCredentials(client_id="ad_client_id",
                                          secret="ad_secret",
                                          tenant="ad_tenant")
token = credentials.token

url = "https://westeurope.asazure.windows.net/servers/{my_server}/models/{my_model}/refreshes"

test_refresh = {
            "Type": "Full",
            "CommitMode": "transactional",
            "MaxParallelism": 1,
            "RetryCount": 1,
            "Objects": [
                {
                    "table": "my_table",
                    "partition": "my_partition"
                }
            ]
        }

header={'Content-Type':'application/json', 'Authorization': "Bearer {}".format(token['access_token'])}

r = requests.post(url=url, headers=header, data=test_refresh)

import json
print(json.dumps(r.json(), indent=" "))

Response I got :

{
 "code": "Unauthorized",
 "subCode": 0,
 "message": "Authentication failed.",
 "timeStamp": "2019-05-22T13:39:03.0322998Z",
 "httpStatusCode": 401,
 "details": [
  {
   "code": "RootActivityId",
   "message": "aab22348-9ba7-42c9-a317-fbc231832f75"
  }
 ]
}

I'm hopeless, could you please give me somes help to make this clear ?

When the service is off and you still get a response then you are contacting a different service than you expect. You get a 401 because that other service uses different credentials. — mbuechmann
Yes I understand, but I'm simply using the base url given by Microsoft, I don't know how this can happen ... — Flexron

Flexron Flexron · Accepted Answer · 2019-05-23T09:26:22

Finally I resolved the issue. I had wrong token. The api expect an OAuth2.0 authentification token (The Azure analysis services rest api documentation ins't very clear about the way to get one)

For thoses will encounter the same issu there is the way to get one.

from adal import AuthenticationContext

authority = "https://login.windows.net/{AD_tenant_ID}"
auth_context = AuthenticationContext(authority)
oauth_token = auth_context.acquire_token_with_client_credentials(resource="https://westeurope.asazure.windows.net", client_id=AD_client_id, client_secret=AD_client_id)
token = oauth_token['accessToken']

Documentation about this : https://docs.microsoft.com/en-us/python/api/adal/adal.authentication_context.authenticationcontext?view=azure-python#acquire-token-with-client-credentials-resource--client-id--client-secret-

https://github.com/AzureAD/azure-activedirectory-library-for-python/wiki/ADAL-basics

Azure Analysis rest api : 401 Unauthorized. "Authentication failed."

3 Answers