locked
Using WebAuthenticationBroker to retrieve Azure publishsettings file

    Question

  • I'm trying to authenticate the user with his/her Live ID and retrieve their subscriptions. For that I need the publishsettings file that has the subscription details. I'm able to authenticate the user with webview(which returns the url to the publishsettings file) and then retrieve the contents of that file by using a Http request. I can authenticate using the WebAuthenticationBroker, which returns the URL. But when I send a Http request to that url, I get a 403 forbidden error.

    WebAuthenticationResult result=await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None,new Uri("https://manage.windowsazure.com/publishsettings"),new Uri("https://manage.windowsazure.com/publishsettings/GetPublishSettings?"));

    HttpClient client=new HttpClient();

    HttpRequestMessage request=new HttpRequestMessage();

    request.requestUri=new Uri(result.ResponseData);

    HttpResponseMessage response=await client.SendRequestAsync(request,0);

    Friday, October 17, 2014 6:18 AM

All replies

  • Should you include an access token in subsequent requests? Can you provide a link to the Windows Azure API you are using?
    Friday, October 17, 2014 6:24 AM
  • I get OAuth 2.0 access token as part of the Url in the ResponseData field of WebAuthenticationResult. I haven't used any part of the Azure API yet actually. To use the API, you need the Subscription ID and an X.509 certificate which is located in the .publishsettings file. I am trying to retrieve that file so as to access the API.

    This is the response I get when I send request to the url I receive(which looks something I like this

    https://manage.windowsazure.com/publishsettings/GetPublishSettings?t=<token>)

    {

    <html><head><noscript>Redirect<meta http-equiv='Refresh'content='0; URL=https://login.live.com/jsDisabled.srf'/></noscript><title>Continue</title><script type='text/javascript'>function R() {{ var t ='https://login.windows.net/common/oauth2/authorize?response_type=code+id_token&redirect_uri=https%3a%2f%2fmanage.windowsazure.com%2fPublishSettings%2fGetPublishSettings%3ft%3d6Lg%252fViBapBqCWr4Sem%252bfirWbXc5wSS7rlGQsLCgrluNhD65END10Wih%252bC2%252bECZtkW%252fUsXm81vaJGnT6ciqUE8jKJs%252fM%253d%26SchemaVersion%3d&client_id=00000013-0000-0000-c000-000000000000&resource=https%3a%2f%2fmanagement.core.windows.net%2f&scope=user_impersonation+openid&nonce=7c4314a0-0007-4e6f-80e2-e0183356d867&domain_hint=&site_id=500879&response_mode=query', r =window.location.hash, f =t, i, n, u, e; r &&r.length >1 &&(i =/[\u0026\u003F]redirect_uri=([^\u0026]+)/.exec(t), i !==null&&(n =i[1], u =i.index, e =n.length, n +=( ( n.toUpperCase().lastIndexOf('%3F') <0 ) &&( n.toUpperCase().lastIndexOf('?') <0 ) )?'%3F': '%26', n +='hashseg%3D'+encodeURIComponent(r.slice(1)), f =t.slice(0, u +14) +n +t.slice(u +e +14))), window.location.replace(f)}}</script></head><body onload='javascript:R();'></body></html>}

    This doesn't occur when I do it with a WebView.

    Friday, October 17, 2014 6:47 AM