HTTP Redirects Drop Authentication Credentials RRS feed

  • Question

  • As reported on Twitter, when using the Scheduler configured for an HTTP request with basic auth enabled, if the endpoint redirects to another location, the redirect is honored but the credentials are omitted.

    To help illustrate the issue, I created a demo (source code). This code creates at https://www.jaraco.com/auth-demo/ two endpoints, `here/` which redirects to `there/`, both of which require authentication to be supplied (but any username/password combination is accepted).

    With curl, you can see how I expect a client to pass the credentials following a redirect:

    jaraco.site master $ curl -u any:any https://www.jaraco.com/auth-demo/here/
    This resource resides temporarily at <a href="http://www.jaraco.com/auth-demo/there/">http://www.jaraco.com/auth-demo/there/</a>.
    jaraco.site master $ curl -L -u any:any https://www.jaraco.com/auth-demo/here/
    You got there!

    The verbose output of the latter command can be seen at this gist. Other clients, such as browsers, httpie, and wget also include the credentials when following the redirect.

    If you configure the Azure Scheduler to use https://www.jaraco.com/auth-demo/here/ and configure some Basic credentials, the task will fail when it redirects to /auth-demo/there/ and gets a 401 response because it hasn't passed the credentials.

    The HTTP client used by Azure Scheduler should match the behavior of these other user agents and pass the credentials.

    Thursday, July 5, 2018 1:42 PM


  • Hi Jason, Apologies for the delayed response. I've been working internally with the Scheduler team to address your feedback. Still waiting for an official update. In the meantime, I recommend evaluating Azure's Logic App service for your Scheduler-based scenarios as Logic App is a super set of Scheduler's features. I am also following up internally to see if Logic App's http client exhibits a similar behavior upon Http 302 redirects.
    • Proposed as answer by Femisulu-MSFT Tuesday, July 31, 2018 11:47 PM
    • Marked as answer by Femisulu-MSFT Wednesday, December 12, 2018 12:32 AM
    Wednesday, July 18, 2018 11:21 PM