I am following Microsoft tutorial on installing Azure Arc Server agent, https://learn.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication , the install went well and I am now testing to get a token. Using the code provided by the article above (I ran it with Visual studio as Administrator ).
$apiVersion = "2020-06-01"
$resource = "https://management.azure.com/"
$endpoint = "{0}?resource={1}&api-version={2}" -f $env:IDENTITY_ENDPOINT,$resource,$apiVersion
$secretFile = ""
try
{
Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'} -UseBasicParsing
}
catch
{
$wwwAuthHeader = $_.Exception.Response.Headers["WWW-Authenticate"]
if ($wwwAuthHeader -match "Basic realm=.+")
{
$secretFile = ($wwwAuthHeader -split "Basic realm=")[1]
}
}
Write-Host "Secret file path: " $secretFile`n
$secret = cat -Raw $secretFile
$response = Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'; Authorization="Basic $secret"} -UseBasicParsing
if ($response)
{
$token = (ConvertFrom-Json -InputObject $response.Content).access_token
Write-Host "Access token: " $token
}
However i get the error :
{"error":"unauthorized_client","error_description":"Missing Basic Authorization header","error_codes":[401],"timestamp":"2023-07-05 10:32:31.7391949 +0200 CEST m=+5321.276017201","trace_id":"","correlation_id":"0ec3a4b9-292b-4283-aaee-d76fc1339976"}
I looked at the hims log "C:\ProgramData\AzureConnectedMachineAgent\Log\himds.log" without much more information , i get the same error with a line saying :
time="2023-07-05T11:44:59+02:00" level=info msg="Missing Basic Authorization header" reason=unauthorized_client uuid=a022087f-7bd9-43dd-b88b-9c8f4e1ab168
I tried with Postman, same error.
Any idea what went wrong ?
Vincent
I tried using postman and i got the exact same problem.
You are probably using PowerShell 7 and $_ in the catch block is empty. You can modify the first fetch to use Invoke-RestMethod with option [-ResponseHeadersVariable <String>] and -SkipHttpErrorCheck to get the response header object and parse the file name from the object.