question

BeTheCode-5162 avatar image
0 Votes"
BeTheCode-5162 asked BeTheCode-5162 commented

Why does Azure Funtion http request triggered on a timer return access denied 401?

The fact that the http request occurs on a timer trigger probably has very little to do with the issue but is mentioned so that there is a distinction that it is not a function httptrigger.

The url has a request header that is required ("SomeHeaderKey", "SomeHeaderValue").

When performing a curl command on a url to api located in APIm (API management) there is 200 ok response.

When adding the same address with the same header within an Azure Function, I get a 401 (Access Denied).

The header key and value is the same for both the curl command and the Azure Function but wondering if that has something to do with it or is the Azure Function needing some other additional authentication. The api in APIm is taking the url as a parameter to call along with the header. The function is written in c# and here is the section of code:
using System.Net.Http;
using System.Net.Http.Headers;

 public async static Task RunAvailabilityTestAsync(ILogger log)
 {
    public async static Task RunAvailabilityTestAsync(ILogger log)
    {
       using (var httpClient = new HttpClient())
       {
          httpClient.DefaultRequestHeaders.Authorization = 
             new AuthenticationHeaderValue("SomeHeaderKey", "SomeHeaderValue");
             
          await httpClient.GetStringAsync("https://api.someaddresstoAPIm.com/?url=http://someaddress.to.request");
       }
    }
 }
azure-functionsazure-api-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MayankBargali-MSFT avatar image
0 Votes"
MayankBargali-MSFT answered BeTheCode-5162 commented

@BeTheCode-5162 As you are calling the APIM service you need to pass the Ocp-Apim-Subscription-Key header to authenticate the request.
In your code you are passing the AuthenticationHeaderValue which creates the header as below:
Authorization: SomeHeaderKey SomeHeaderValue

The right header that APIM accepts is:
Ocp-Apim-Subscription-Key : yourSubcriptionKey

You need to replace this code : httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SomeHeaderKey", "SomeHeaderValue"); with the below code to pass the right headers.

 httpClient.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "yourSubscriptionKey");
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Yes, I am passing the Ocp-Apim-Subscription-Key in the header. I just wrote "SomeHeaderKey" as a replacement for Ocp-Apim-Subscription-Key. So that format you have in the answer is exactly the format I'm using. Is there any other authentication issue that would prevent this from working? Does it matter if the APIM is residing in a different subscription than the Azure Function as long as the APIM address is public?

0 Votes 0 ·

@BeTheCode-5162 It doesn't matter if the APIM and function are in different subscription untill and unless you are passing the right credentials i.e. headers. As I mentioned in my answer the header is not passed correctly and it is the code issue that the header are not set correctly.
You need to use httpClient.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "yourSubscriptionKey"); instead of httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Ocp-Apim-Subscription-Key", "yourSubscriptionKey");

Your code will be creating the header as
Authorization: Ocp-Apim-Subscription-Key yourSubscriptionKey

The right header that APIM accepts is
Ocp-Apim-Subscription-Key : yourSubcriptionKey

0 Votes 0 ·
BeTheCode-5162 avatar image BeTheCode-5162 MayankBargali-MSFT ·

Using the Add method worked. Thank you sir.

1 Vote 1 ·