Search code examples
azureoauth-2.0access-tokenazure-arc

Azure arc agent error "Missing Basic Authorization header"

I am following Microsoft tutorial on installing Azure Arc Server agent, https://learn.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication , the install went well and I am now testing to get a token. Using the code provided by the article above (I ran it with Visual studio as Administrator ).

$apiVersion = "2020-06-01"
$resource = "https://management.azure.com/"
$endpoint = "{0}?resource={1}&api-version={2}" -f $env:IDENTITY_ENDPOINT,$resource,$apiVersion
$secretFile = ""
try
{
    Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'} -UseBasicParsing
}
catch
{
    $wwwAuthHeader = $_.Exception.Response.Headers["WWW-Authenticate"]
    if ($wwwAuthHeader -match "Basic realm=.+")
    {
        $secretFile = ($wwwAuthHeader -split "Basic realm=")[1]
    }
}
Write-Host "Secret file path: " $secretFile`n
$secret = cat -Raw $secretFile
$response = Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'; Authorization="Basic $secret"} -UseBasicParsing
if ($response)
{
    $token = (ConvertFrom-Json -InputObject $response.Content).access_token
    Write-Host "Access token: " $token
}

However i get the error :

{"error":"unauthorized_client","error_description":"Missing Basic Authorization header","error_codes":[401],"timestamp":"2023-07-05 10:32:31.7391949 +0200 CEST m=+5321.276017201","trace_id":"","correlation_id":"0ec3a4b9-292b-4283-aaee-d76fc1339976"}

I looked at the hims log "C:\ProgramData\AzureConnectedMachineAgent\Log\himds.log" without much more information , i get the same error with a line saying :

time="2023-07-05T11:44:59+02:00" level=info msg="Missing Basic Authorization header" reason=unauthorized_client uuid=a022087f-7bd9-43dd-b88b-9c8f4e1ab168

I tried with Postman, same error.

Any idea what went wrong ?

Vincent

I tried using postman and i got the exact same problem.

Solution

  • You are probably using PowerShell 7 and $_ in the catch block is empty. You can modify the first fetch to use Invoke-RestMethod with option [-ResponseHeadersVariable <String>] and -SkipHttpErrorCheck to get the response header object and parse the file name from the object.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod?view=powershell-7.3