"The remote server returned an error: (401) Unauthorized." when doing a post at "https://odataacs.accesscontrol.appfabriclabs.com/WRAPv0.9" for SWT.

Question

Hi,

I am trying out the Sql Azure Odata Service at https://www.sqlazurelabs.com/ConfigOData.aspx#. When I enabled Annonymous Access user, I was able to  get the OData, but it was only in a read-only mode. For doing a write to the Sql Azure, I assume that we have to go with the "No Annonymous Access" way?

I tried enabling "No Annonymous Access" in which case I had to get a SWT from "https://odataacs.accesscontrol.appfabriclabs.com/WRAPv0.9". and have to provide the token when doing a post of OData.

The following piece of code should get the token from "https://odataacs.accesscontrol.appfabriclabs.com/WRAPv0.9" but I am getting "The remote server returned an error: (401) Unauthorized." when doing a post at "https://odataacs.accesscontrol.appfabriclabs.com/WRAPv0.9".

  WebClient acsClient = new WebClient();



  //acsClient.BaseAddress = https://odataacs.accesscontrol.windows.net/; // When this was used I was getting " 402 Bad Gateway" error



  acsClient.BaseAddress = "https://odataacs.accesscontrol.appfabriclabs.com/";



  NameValueCollection values = new NameValueCollection();



  values.Add("wrap_name", "https://odata.sqlazurelabs.com/OData.svc/v0.1/mySqlAzureServerName/b2b");



  values.Add("wrap_password", "T/j/LH2XS7kQSJJM2mqNaRFIdw/46asvKI3HxdPPbyH="); //Same as the secret key generated for the 'dbo' user from the portal



  values.Add("wrap_scope", "https://odata.sqlazurelabs.com/OData.svc/v0.1/mySqlAzureServerName/b2b/dbo"); // Same as the Issuer Name from the portal 



  values.Add("authorized", "true");







  byte[] acsResponseInBytes = acsClient.UploadValues("WRAPv0.9", "POST", values); // Exception is being thrown here.



  string acsResponse = System.Text.Encoding.UTF8.GetString(acsResponseInBytes);



  return acsResponse



 .Split('&')



 .Single(value => value.StartsWith("wrap_access_token=", StringComparison.OrdinalIgnoreCase))



 .Split('=')[1];

Am I missing something else here?

Thanks,

Kowshik Palivela

Answer 1

I am also having the same issue calling the https://odataacs.accesscontrol.appfabriclabs.com/WRAPv0.9

 

 

          WebClient client = new WebClient();
           client.BaseAddress = "https://odataacs.accesscontrol.appfabriclabs.com/";
 
           NameValueCollection values = new NameValueCollection();
           values.Add("wrap_name", "https://odata.sqlazurelabs.com/OData.svc/v0.1/ncah3zegi7/ClientManagement/dbo");
           values.Add("wrap_password", "someSecretKey");
           values.Add("wrap_scope", "https://odata.sqlazurelabs.com/OData.svc/v0.1/ncah3zegi7/ClientManagement");
           values.Add("authorized", "true");
 
           byte[] responseBytes = client.UploadValues("WRAPv0.9", "POST", values);
 
           string response = Encoding.UTF8.GetString(responseBytes);
           string token = response.Split('&')
               .Single(value => value.StartsWith("wrap_access_token="))
               .Split('=')[1];
 
           Console.WriteLine(token);

 

 

I consistently get 403 Forbidden With the error code: 

Error:Code:403:SubCode:T0:Detail:ACS50012: Authentication failed. :TraceID:9cc94f81-353f-408b-9b06-506ea7fe7b14:TimeStamp:2011-07-01 19:42:13Z

 

This is also happening when I try to hit the odataaacs sts via fiddler.  Passing the wrap parameters in the body.  I have tried adding and removing the user multiple times to get a new secret key to no avail.  Does the odataacs service even work?  I am beginning to think not.

I used http://blogs.msdn.com/b/jackgr/archive/2010/04/16/odata-for-sql-azure-with-appfabric-access-control.aspx and http://blogs.msdn.com/b/jackgr/archive/2010/04/16/odata-for-sql-azure-with-appfabric-access-control.aspx and http://blogs.msdn.com/b/brian_swan/archive/2010/09/02/accessing-odata-for-sql-azure-with-appfabric-access-control-and-php.aspx for references.

 

Can anyone verify that the odata sts at https://odataacs.accesscontrol.appfabriclabs.com/WRAPv0.9 is working properly?

Thanks Peter

Answer 2

Hi Peter,

I think You need to authenticate the calls using Management Certificate

Please read the below article on how to use X509Certificate as Management Certificate and authenticate your Azure calls http://convective.wordpress.com/2011/05/17/sql-azure-management-rest-api/

---

Arunraj Chandrasekaran, MCTS, Author: SQLXpertise.com
If you found this post useful, Please "Mark as Answer" or "Vote as Helpful"

Answer 3

Thanks for your reply Anrunraj.  However I have not seen anywhere that using the SQL Server OData Service that I would need to authenticate with the Management of my SQL Azure instance.  The db name might be throwing you off since its named ClientManagement.  

 

Today I tried creating a new user and login to my db and using the odata portal to configure it.  It seems to have worked but no matter how I call the aacs at

https://odataacs.accesscontrol.appfabriclabs.com/WRAPv0.9

 

I get an unathorized. 403 Forbidden error.

I set it up at https://www.sqlazurelabs.com/ConfigOData.aspx

 

Could someone please provide guidance on how to actually authenticate?  

 

The closest thing I found was here:

http://blogs.msdn.com/b/jackgr/archive/2010/04/16/odata-for-sql-azure-with-appfabric-access-control.aspx

But that was over a year ago now and it doesn't seem to work at all.

Answer 4

Could anyone from the SQL Azure Labs team verify that AACS is working for OData services via SQL Azure.  I still haven't got a response on this and waited a week.