none
Windows Azure Pack REST API testing with simple REST client RRS feed

  • Question

  • Hi all,

    We have a Windows Azure Pack installation (with SPF and VMM atc) and working fine, so now I'm investigating it's REST API.

    Mainly I'm interested in the Common calls (User, Subscription, etc) and I'd like to put together some specification for our developers, but I would like to see these calls in action to really get the feel how it's working. My plan was to use a very simple REST client like Advanced REST client Chrome add-on, but I fail on authorization.

     

    Basically I have no idea what to put into the Authorization header. The API documentation only states this:

    Authorization: Bearer authorization Bearer token.

    How can I get such a token to test out the REST calls? I did some searching around, but I did not find a clean explanation about this token, can you direct me somewhere?

    Thanks

    Csaba 


    BR Csaba

    Thursday, October 3, 2013 12:04 PM

Answers

  • Hi man,

    I am still waiting my environment back to verify, but the hosting machine was down.

    You can find some powershell samples under the program files\Management Service\MgmtSvc-PowershellAPI\samples\Authentication. Are these samples give you some hint?

    Regards,

    Wei

    Wednesday, October 9, 2013 10:00 AM
    Moderator

All replies

  • Hi,

    On the admin portal, run the powershell cmdlet

    unprotect-MgmtSvcConfiguration -Namespace adminsite.

    Then open the site's web.config, you can find the RdfeBasicAuthUsername and related password.

    Regards,

    Wei

    Monday, October 7, 2013 8:22 AM
    Moderator
  • Thanks, I'll try it and let you know.

    BR Csaba

    Monday, October 7, 2013 8:24 AM
  • So I should simply use these creds to pass them as normal Basic auth headers?

    BR Csaba

    Monday, October 7, 2013 8:33 AM
  • Hi,

    I tried the following:

    First:
    Authorization: Basic XXXXXXXXXXXXXX

    where XXXXX is the base64 encoded username:password.

    I receive:

    Code"InvalidSecurityToken"
    Message"The security token cannot be verified."

    Second:
    Authorization: Bearer XXXXXXXXXXX

    where XXXXX is the base64 encoded username:password.

    I receive:

    Code"UnauthorizedAdminUser"
    Message"The user is unauthorized to access the management service."

    It's quite clear that the first shouldn't even work, but the second is strange, what am I doing wrong?


    BR Csaba

    Monday, October 7, 2013 8:51 AM
  • yup, forget to mention that the un-protected password is base64 encoded, you need to decode it first.

    http://www.base64decode.org/

    Regrds,

    Wei

    Monday, October 7, 2013 8:55 AM
    Moderator
  • I recognized that the Password in the web.config looks like base64 encoded and I tried two things:

    1: decoding the string and constructing the username:password using the decoded test as password - same result as before (Unauthorized)

    2: using the encoded password as it is in the web.config after "Bearer" - same result as before (Unauthorized)

    Can you please help how should I construct the Authorization: Bearer header? All my attempts seem to fail.


    BR Csaba

    Monday, October 7, 2013 9:00 AM
  • Hi,

    Any ideas? I'm quite stuck here.
    Additional question: how should we implement authorization in our web application? I don't like the idea of basic auth, and I did not find any calls in the AdminAPI I could use for generating an OAuth token...

    The lack of documentation is quite frustrating in this matter, I could really use some help.


    BR Csaba

    Tuesday, October 8, 2013 7:26 AM
  • these steps work with the v1 system. I will test and get back to you as soon as I can.
    Tuesday, October 8, 2013 8:22 AM
    Moderator
  • Hi,

    Thanks.


    BR Csaba

    Tuesday, October 8, 2013 12:41 PM
  • Hi man,

    I am still waiting my environment back to verify, but the hosting machine was down.

    You can find some powershell samples under the program files\Management Service\MgmtSvc-PowershellAPI\samples\Authentication. Are these samples give you some hint?

    Regards,

    Wei

    Wednesday, October 9, 2013 10:00 AM
    Moderator
  • Hi,

    These scripts ARE useful, thanks!


    BR Csaba

    Wednesday, October 9, 2013 3:56 PM
  • Where can I get the documentation for the WAP Rest API?
    Wednesday, October 9, 2013 6:36 PM
  • Sorry for this inconvenience. There are not ready yet. We will try to publish it as soon as possible.
    Thursday, October 10, 2013 3:03 AM
    Moderator
  • Hi,

    I'm trying to use the Get-tokenWindows.ps1 and I receive an error message: 

    Unknown relying party realm received (AppliesTo): https://wap1:30001/. Make sure this relying party is registered in the authentication portal.

    I'm a little unsure what to put in the ClientRealm paramater (This will be the AppliesTo Property of the RequestSecurityToken object.

    Can you help me out here' I feel that I'm very close :)


    BR Csaba

    Thursday, October 10, 2013 8:53 AM
  • Hi Csaba,

    To shed more light on the authentication piece: Windows Azure Pack uses Claims based Authentication wherein you will need an Identity token to access the API.

    In an express install, this token is issued by the Admin Authentication site out of the box. the admin Authentication site is a web service at port 30072 on the machine you've installed it on.

    Using the token issued by this service as a Bearer token in the request, you should now send your requests to the  Admin API which is installed by default at port 30004. 

    If you have changed the ports in your installation, please send the requests to the appropriate endpoints. 

    the Get-tokenWindows.ps1 script shows  a sample of how you can get the token.

    Please try the ClientRealm parameter as http://azureservices/AdminSite

    and the AuthSiteAddress as  <a href="https://<>:30072/"> >:30072/">https://<<fqdn>>:30072/

    Hope that helps!

    --

    Shriram


    Thursday, October 10, 2013 7:29 PM
  • Hi,

    Did you ever get this working? Can you maybe post an example of the authorization header you used? I was able to get the token by using the Get-TokenWindows.ps1 script, but this doesn't seem to work.

    Also what did you use as ClientRealm paramenter?

    Thanks!

    Stefan

    Thursday, October 24, 2013 4:52 PM
  • Can we get some examples for accessing the Admin/Tenant portal rest APIs using client side scripting?
    Thursday, February 27, 2014 9:31 PM