Why does Azure Funtion http request triggered on a timer return access denied 401?

Question

Why does Azure Funtion http request triggered on a timer return access denied 401?

Be The Code 86

The fact that the http request occurs on a timer trigger probably has very little to do with the issue but is mentioned so that there is a distinction that it is not a function httptrigger.

The url has a request header that is required ("SomeHeaderKey", "SomeHeaderValue").

When performing a curl command on a url to api located in APIm (API management) there is 200 ok response.

When adding the same address with the same header within an Azure Function, I get a 401 (Access Denied).

The header key and value is the same for both the curl command and the Azure Function but wondering if that has something to do with it or is the Azure Function needing some other additional authentication. The api in APIm is taking the url as a parameter to call along with the header. The function is written in c# and here is the section of code:
using System.Net.Http;
using System.Net.Http.Headers;

public async static Task RunAvailabilityTestAsync(ILogger log)
{
   public async static Task RunAvailabilityTestAsync(ILogger log)
   {
      using (var httpClient = new HttpClient())
      {
         httpClient.DefaultRequestHeaders.Authorization = 
            new AuthenticationHeaderValue("SomeHeaderKey", "SomeHeaderValue");

         await httpClient.GetStringAsync("https://api.someaddresstoAPIm.com/?url=http://someaddress.to.request");
      }
   }
}

Accepted answer

0 additional answers

Your answer

Answer 1

MayankBargali-MSFT 70,936 Moderator

@Be The Code As you are calling the APIM service you need to pass the Ocp-Apim-Subscription-Key header to authenticate the request.
In your code you are passing the AuthenticationHeaderValue which creates the header as below:
Authorization: SomeHeaderKey SomeHeaderValue

The right header that APIM accepts is:
Ocp-Apim-Subscription-Key : yourSubcriptionKey

You need to replace this code : httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SomeHeaderKey", "SomeHeaderValue"); with the below code to pass the right headers.

httpClient.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "yourSubscriptionKey");

Be The Code 86 Reputation points

2021-09-30T11:25:14.54+00:00

Yes, I am passing the Ocp-Apim-Subscription-Key in the header. I just wrote "SomeHeaderKey" as a replacement for Ocp-Apim-Subscription-Key. So that format you have in the answer is exactly the format I'm using. Is there any other authentication issue that would prevent this from working? Does it matter if the APIM is residing in a different subscription than the Azure Function as long as the APIM address is public?
MayankBargali-MSFT 70,936 Reputation points Moderator

2021-09-30T12:20:48.837+00:00

@Be The Code It doesn't matter if the APIM and function are in different subscription untill and unless you are passing the right credentials i.e. headers. As I mentioned in my answer the header is not passed correctly and it is the code issue that the header are not set correctly.
You need to use httpClient.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "yourSubscriptionKey"); instead of httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Ocp-Apim-Subscription-Key", "yourSubscriptionKey");

Your code will be creating the header as
Authorization: Ocp-Apim-Subscription-Key yourSubscriptionKey

The right header that APIM accepts is
Ocp-Apim-Subscription-Key : yourSubcriptionKey
Be The Code 86 Reputation points

2021-10-01T09:27:17.037+00:00

Using the Add method worked. Thank you sir.

Share via

Why does Azure Funtion http request triggered on a timer return access denied 401?

0 additional answers

Your answer