Edge Module Direct Method setup - Returns RefusedNotAuthorized

Question

Edge Module Direct Method setup - Returns RefusedNotAuthorized

Jeffrey K 171

We are getting an error at our custom edge module when trying to setup Directmethod. We followed the article followed in
https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-csharp-csharp-device-management-get-started

We have also opened the port for 8883. Any idea what we are missing here?

Starting up
Connecting to Hub
Application start-up failed: System.AggregateException: One or more errors occurred. (CONNECT failed: RefusedNotAuthorized)
---> Microsoft.Azure.Devices.Client.Exceptions.UnauthorizedException: CONNECT failed: RefusedNotAuthorized
at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenInternalAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.ProtocolRoutingDelegatingHandler.OpenAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.<>c__DisplayClass27_0.<<ExecuteWithErrorHandlingAsync>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsyncT
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.OpenInternalAsync(Boolean withRetry, CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.EnsureOpenedAsync(Boolean withRetry, CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass24_0.<<EnableMethodsAsync>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Azure.Devices.Client.TransientFaultHandling.RetryPolicy.<>c__DisplayClass34_0.<<RunWithRetryAsync>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Azure.Devices.Client.TransientFaultHandling.RetryPolicy.RunWithRetryAsyncT
at Microsoft.Azure.Devices.Client.TransientFaultHandling.RetryPolicy.RunWithRetryAsync(Func1 taskFunc, ShouldRetry shouldRetry, Func2 isTransient, Action`3 onRetrying, Boolean fastFirstRetry, CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.EnableMethodsAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.InternalClient.HandleMethodEnableAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.InternalClient.SetMethodHandlerAsync(String methodName, MethodCallback methodHandler, Object userContext, CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.InternalClient.SetMethodHandlerAsync(String methodName, MethodCallback methodHandler, Object userContext)
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at Program.Main(String[] args) in /src/Omnicell.Cloud.DataRestore.API/Program.cs:line 39

QuantumCache 20,671 Reputation points Moderator

2022-12-02T02:45:31.947+00:00

Hello @Jeffrey K what kind of authentication are you using in your device app?

Do you have any code snippets? so that we verify and better understand how your authentication is working!

Ref: CONNECT failed: RefusedNotAuthorized C#

Jeffrey K 171

Below the sample code. We were using connectionstring based auth generated from the Shared Access policy of IoTHub. Let me know if I'm missing something here.

 static string DeviceConnectionString = "HostName=<hostname>;DeviceId=<deviceId>;SharedAccessKeyName=iothubowner(also tried device);SharedAccessKey=<sharedaccesskey>";   
  var deviceClient = DeviceClient.CreateFromConnectionString(DeviceConnectionString, TransportType.Mqtt);  
  deviceClient.SetMethodHandlerAsync("HelloMethod", HelloMethod, null).Wait();  
			  
			  
	private static Task<MethodResponse> HelloMethod(MethodRequest methodRequest, object userContext)  
    {  
      Console.WriteLine();  
      Console.WriteLine("Starting the Hello World ...");  
      Console.WriteLine("Returning response for method", methodRequest.Name);  
   
      return Task.FromResult(new MethodResponse(Encoding.UTF8.GetBytes(result), 200));  
    }

Jeffrey K 171 Reputation points

2022-12-05T04:36:00.91+00:00

Thanks for the response. So connection string from the Shared Access Policy of the IotHub does not work?

I can try with the private key auth

1 answer

Your answer

QuantumCache 20,671 Reputation points Moderator

2022-12-02T02:45:31.947+00:00

Hello @Jeffrey K what kind of authentication are you using in your device app?

Do you have any code snippets? so that we verify and better understand how your authentication is working!

Ref: CONNECT failed: RefusedNotAuthorized C#
Jeffrey K 171 Reputation points

2022-12-05T04:34:19.5+00:00

Below the sample code. We were using connectionstring based auth generated from the Shared Access policy of IoTHub. Let me know if I'm missing something here.

static string DeviceConnectionString = "HostName=<hostname>;DeviceId=<deviceId>;SharedAccessKeyName=iothubowner(also tried device);SharedAccessKey=<sharedaccesskey>"; var deviceClient = DeviceClient.CreateFromConnectionString(DeviceConnectionString, TransportType.Mqtt); deviceClient.SetMethodHandlerAsync("HelloMethod", HelloMethod, null).Wait(); private static Task<MethodResponse> HelloMethod(MethodRequest methodRequest, object userContext) { Console.WriteLine(); Console.WriteLine("Starting the Hello World ..."); Console.WriteLine("Returning response for method", methodRequest.Name); return Task.FromResult(new MethodResponse(Encoding.UTF8.GetBytes(result), 200)); }
Jeffrey K 171 Reputation points

2022-12-05T04:36:00.91+00:00

Thanks for the response. So connection string from the Shared Access Policy of the IotHub does not work?

I can try with the private key auth

Answer 1

Sander van de Velde | MVP 36,951 MVP Volunteer Moderator

Hello @Jeffrey K ,

You try to create a device client based on the C# Azure IoT Device SDK.

Please check out this blog post with a similar approach.

Most importantly, you need to use the correct connection string.

This is the connection string unique for a single device:

HostName=someuniqueiothubname.azure-devices.net;DeviceId=testdevice;SharedAccessKey=XYZ

Do not use IoT Hub connection string, looking like this:

HostName=otheriothubname.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=ABC // DO NOT USE THIS!!!

This second connection string must never leave the save cloud environment. It this connection string is exposed outside the cloud the user can start manipulating your IoT Hub (seriously, keep it safe)!

Jeffrey K 171 Reputation points

2023-01-06T17:55:28.26+00:00

Got it. I see the issue then. Since we enrolled the device using certs, then the DeviceClient to be created using the leaf cert pfx file?

Share via

Edge Module Direct Method setup - Returns RefusedNotAuthorized

1 answer

Your answer