question

sachin-3215 avatar image
0 Votes"
sachin-3215 asked sachin-3215 edited

Not able to get http response from a third party API when code deployed to azure function app, in debug mode its working fine

I have created an azure http trigger (also tried with timer trigger) function and it is calling an third party API with necessary params as content header. Locally in VS Code (debug mode), it's working fine. I am getting desired response (getting token if we call token end point as well as proper response if we call another end point by passing token). Even with postman I am getting correct response.

But when I deployed this function to azure function app, it's not getting response from both endpoint. (either from token one or if I pass hardcoded token copied from postman to second endpoint).

In logs, I can see function being called and when I am logging response I am getting a large html text(don't know what is that) Is it possible that third party API is blocking or restricting calls from azure function(though it's working locally or with postman if we pass proper values) Tried everything but can' find out the exact issue. I have verified I am passing correct values as grant_type, client_Id, client_secret, username, password, scope)

Have pasted below sample piece of code:

private async Task<Token> GetToken()
{
try{
HttpContent content = new FormUrlEncodedContent(new Dictionary<string, string>
{
{"grant_type", Environment.GetEnvironmentVariable("test-grant-type")},
{"username", Environment.GetEnvironmentVariable("test-username")},
{"password", Environment.GetEnvironmentVariable("test-password")},
{"client_id", Environment.GetEnvironmentVariable("test-client-id")},
{"client_secret", Environment.GetEnvironmentVariable("test-client-secret")},
{"scope", Environment.GetEnvironmentVariable("test-scope")}
});

 HttpClient client = new HttpClient();
    
 string tokenEndPoint = Environment.GetEnvironmentVariable("test-tokenApiEndPoint");
    
 //calling API
 HttpResponseMessage messageResult = await client.PostAsync(tokenEndPoint, content);        

                    
 _logger.LogInformation($"Log Info:  GetToken method: httpResponseMsg: {messageResult}");
    
 string apiResponse = messageResult.Content.ReadAsStringAsync().Result;

 _logger.LogInformation($"Log Info:  GetToken method: apiResponse: {apiResponse}");
    
 Token resTokenModel = JsonConvert.DeserializeObject<Token>(apiResponse);
 }
 catch (System.Exception ex)
 {
     _logger.LogError($"Exception : GetToken Method: Exception: {ex.Message}");
     throw new Exception(ex.Message);
 }

return resTokenModel;
}



Log html response sample (it's not complete as it is very large), Log1:

2022-06-29T08:30:05.490 [Information] Log Info: GetToken method: httpResponseMsg: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:{Cache-Control: no-store, no-cachePragma: no-cacheStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffX-Frame-Options: DENYLink: <https://aadcdn.msauth.net>; rel=preconnect; crossoriginLink: <https://aadcdn.msauth.net>; rel=dns-prefetchLink: <https://aadcdn.msftauth.net>; rel=dns-prefetchX-DNS-Prefetch-Control: onP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 18670f19-3bec-4556-9b66-2c3760855300x-ms-ests-server: 2.1.13006.6 - WEULR1 ProdSlicesX-XSS-Protection: 0Set-Cookie: buid=0.AQIANaKxxxx_PBbRZsxxxx_PzErkPdDcCAdAA.xxxx--DLA3VO7QrddgJg7WevrDRjJU0T4KWPoylW2bC-ExpJHweIFWSInAdxjVwFITAQNF_FKbJPKHxxxxxp9ivEPYDacemz4wUo_sc04zyJbXjfz-2bVvxUz-AgAA; expires=Thu, 28-Jul-2022 08:30:05 GMT; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: fpc=AsZ-7OJNXMJAsZa7WVUJsyzxSauWAQAAAAyzTNoOAAAA; expires=Thu, 29-Jul-2022 08:30:05 GMT; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: esctx=AQABAAAAAAD--DLA3VO7QrddgJg7WevrvlcjjHs6JSFKoM9RHgIe1sGicQYOARxxxxwtTCtFHUZ7DawxrkQC4x3uxxkXSFkTTUgthZA1MEqk-Pmv2mzfkL9xBHg1V-LSzxeaWxtB38SA--OJKRBbdBVRR0D80RGqwGWTn5bm4XeaaWFCt5SYYet_q1fuHwxUMe7OXIuQgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; httponlySet-Cookie: stsservicecookie=estsfd; path=/; secure; httponlyDate: Tue, 28 Jun 2022 08:30:04 GMTContent-Type: text/html; charset=utf-8Expires: -1Content-Length: 195652}



From below html, I can only understand "Sign in to your account" but where to sign, Log2:

2022-06-28T08:30:05.492 [Information] Log Info: Synergi Repo: GetToken method: apiResponse:<!-- Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head><title>Sign in to your account</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes"><meta http-equiv="Pragma" content="no-cache"><meta http-equiv="Expires" content="-1"><link rel="preconnect" href="https://aadcdn.msauth.net" crossorigin><meta http-equiv="x-dns-prefetch-control" content="on"><link rel="dns-prefetch" href="//aadcdn.msauth.net"><link rel="dns-prefetch" href="//aadcdn.msftauth.net"><meta name="PageID" content="ConvergedSignIn" /><meta name="SiteID" content="" /><meta name="ReqLC" content="1033" /><meta name="LocLC" content="en-US" /><meta name="referrer" content="origin" /><meta name="format-detection" content="telephone=no" /><noscript><meta http-equiv="Refresh" content="0; URL=https://login.microsoftonline.com/jsdisabled" /></noscript><meta name="robots" content="none" /><script type="text/javascript">//<![CDATA[$Config={"fShowPersistentCookiesWarning":false,"urlMsaSignUp":"https://login.live.com/oauth20_authorize.srf?response_type=code\u0026client_id=5xxx2-085c-xxxx-bf88-xxxxx8\u0026scope=openid+profile+email+offline_access\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIxxxxxxFM4lbVARUISEBAuDmwnlYp99Z8dGDEFtIWogJQGEUCQ4n-_SE845sZ2UgBj5GZkYChISYycEC3QBJIREp0wIMSPBABJbO-KUFYnlLe99f-87Wxxxxkk1A8g9i0b-pawoLCQ6buGcLDlxEf2H_549xxxxvH95ugLnroRzxCot6m-DEWpr2E0_Xk7HicVcOaIUPhlJF8XSvvwZgAsAPADbzJYdaFAufQMQtA2LmBpASIaAgriAkEAjR6tf8fLM2TNfM6YhieZtvFB7ka_3-ahzdGrdTmnLvjlZXIxrK4FJ0k6sWT-Ox5qlhGJa1enI-iYRPNU_QMOFlrRnLrlQ0bNH1y3Goedpfux2982_DHb2puAy4SmU67ugsUoqztKOnUxxxxx4PMkZs0Sp1GIaYZy_EJnGgbwgTWowz5mAfE-FmyDZPEhmpPYiDGEKE2dCx7QzCmAt9GhjQtlwR2Dwj84V2d2FJBU2xl3mVxrS38LJQsijF1LQI9G1uQlwNCHSRS6AjmDBIpuX6xnahGPW5ksGXApjMgN0Z8Hw26_H4fPfYz1NXlp6IsnPjXju3PasnA0MuXsNdtFLt9thyO0zZsoqvxiuN9bONOg4vLEbDxsUzdnVQO4089KgIfhfBw325rbn_1P7iAHh3MLd7aOfbqzf3nz7-de4P0\u0026estsfed=1\u0026uaid=71c115c676664cc9bad0639fd6e7c4bf\u0026signup=1\u0026lw=1\u0026fl=easi2\u0026fci=7e7dac8e-5abd-4b36-b3f3-f312b90f7437","urlMsaLogout":"https://login.live.com/logout.srf?iframed_by=https%3a%2f%2flogin.microsoftonline.com","urlOtherIdpForget":"https://login.live.com/forgetme.srf?iframed_by=https%3a%2f%2flogin.microsoftonline.com","showCantAccessAccountLink":true,"urlGitHubFed":"https://login.live.com/oauth20_authorize.srf?response_type=code\u0026client_id=xxx-085c-xx-bf88-xxx\u0026scope=openid+profile+email+offline_access\u0026response_mode=form_post\u0026redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa\u0026state=rQQIAxxxVE9bNNAxxxISEBAuDmwnlYp99Z8dGDEFtIWogJQGEUCQ4n-_SE845sZ2UgBj5GZkYChISYycEC3QBJIREp0wIMSPBABJbO-KUFYnlLe99f-87WUAV5JUc7gSUVTkxxxx-pawoLCQ6buGcLDlxEf2H_549P1AjD41tibs2efvH95ugLnroRzxCot6m-DEWpr2E0_Xk7HicVcOaIUPhlJF8XSvvxxxbzJYdaFAxxxxxiAkEAjR6tf8fLM2TNfM6YhieZtvFB7ka_3-ahzdGrdTmnLvxxxrK4FJ0k6sWT-Ox5qlhGJa1enI-iYRPNU_QMOFlrRnLrlQ0bNH1y3Goedpfux2982_DHb2puAy4SmU67ugsUoqztKOnUymtrLWyW56kmRshQ14PMkZs0Sp1GIaYZy_EJnGgbwgTWowz5mAfE-FmyDZPEhmpPYiDGEKE2dCx7QzCmAt9GhjQtlwR2xxxxd2FJBU2xl3mVxrS38LJQsijF1LQI9G1uQlwNCHSRS6AjmDBIpxxxxsGXApjMxxx26_H4fPfYz1NXlp6IsnPjXju3PasnA0MuXsNdxxxvxiuN9bONOg4vLEbDxsUzdnVQO4089KgIfhfBw325rbn_1P7iAHh3MLd7aOfbqzf3nz7-de4P0\u0026estsfed=1\u0026uaid=71c115c676664cc9bad0639fd6e7c4bf\u0026fci=7e7dxxxx-b3f3-f312b90f7437\u0026idp_hint=github.com","fShowSignInWithGitHubOnlyOnCredPicker":true,"fEnableShowResendCode":true,"iShowResendCodeDelay":90000,"sSMSCtryPhoneData":"AF~Afghanistan~93!!!AX~Åland Islands~358!!!AL~Albania~355!!!Islands~358!!!AL~Albania~355!!!


  • and so here is large html content as above ---



Exception log: This is because in code we are parsing response (so below issue is because it tried to parse response html) - so this does not seems to be useful

2022-06-29T15:18:14.657 [Error] Exception : GetToken Method: Exception: Unexpected character encountered while parsing value: '<'. Path '', line 0, position 0.
2022-06-29T15:18:14.710 [Error] Exception : Method: Exception: One or more errors occurred. (Unexpected character encountered while parsing value: '<'. Path '', line 0, position 0.)



If anyone has faced similar issue or can give an idea what can be the cause, though it's hard to find just looking in to code

Thanks


dotnet-csharpazure-functionsdotnet-aspnet-core-generaldotnet-aspnet-core-webapi
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bruce-SqlWork avatar image
0 Votes"
Bruce-SqlWork answered sachin-3215 commented

You are getting either an error login page. Your parameters are probably not correct or login configuration is not correct.

View with an html viewer to better read.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the reply. But same code and same parameters working correctly on debug mode or with postman able to get response. Same issue is also coming if we use another endpoint of same API when I copy token from postman and use it to get data. I check all parameters are same and issue is only coming when deployed to azure function app.
is it possible that API is restricting calls from azure function app (though it seems to be public)
I have tried same code with timer trigger and http function but no clue and same issue

0 Votes 0 ·
MayankBargali-MSFT avatar image
0 Votes"
MayankBargali-MSFT answered MayankBargali-MSFT commented

@sachin-3215 Can you please confirm if your application settings has the keys and values that you have leveraging in your function app. In case if the values are defined correctly then please log the value of your environment variables to verify whether you are able to get the right value, or it is empty.

 var value = Environment.GetEnvironmentVariable("your_key_here")
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MayankBargali-MSFT - Thanks for the reply, I was thinking no one is going to reply :)

I have already tried the steps suggested by you and all values from key vault are correct. I verified all those environment variables values using logging.

Few point that might help you finding exact cause:

Last month same function was working correctly when we deployed it but all of sudden stopped working when I modify the token endpoint URL as it was modified by API vendor. I verified it on deployed version as well by logging and and this one is the new one and correct one we are using.

Is it possible that API is restricting our azure function calls? though it seems to be public as it's allowing from debug(localhost) and postman.

It might help you to find exact reason. For testing purpose I tried all things like for now just keeping the code which is calling token end point to find the issue but again it's of no use, same issue.

I also tried to copy same API endpoint token, generated though postman and called another endpoint of same API using that token but still same issue here as well.





0 Votes 0 ·

@sachin-3215 Please refer to my private comment so I can connect offline to validate the request traces from postman and how the request is built from your function app.

0 Votes 0 ·
Bruce-SqlWork avatar image
0 Votes"
Bruce-SqlWork answered sachin-3215 commented

the response to your GetToken call is the html AzureLogin page (which is only supported by a browser or webview). this would suggest the endpoint you are calling has a different api then you are sending. check with your vendor.

note: typically with current openid protocols, you can not login via post of user name / password. for applications its typically a client and secret.

the vendor could also require different authentication based on the client ipaddress.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Here we are also using clientId, clientSecret, grantType and scope along with username and password to call then token api endpoint.

And if we say : the vendor could also require different authentication based on the client ipaddress. - for this i am not sure..because api seems to be public as we can call it and get proper response using postman or in debug mode

0 Votes 0 ·
satyakarki-5933 avatar image
0 Votes"
satyakarki-5933 answered sachin-3215 commented

I think the parameters are different for the development environment where you are getting values successfully than after deployment in azure. From my experience, the vendor sometimes gives client ID, secret key, and so on different for development than the production, and when we deploy we need to change those parameters for production. You can consult with your Third part API provider.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

We are using the same endpoint and environment in this case and here its qa for local(debug) as well as when we are deploying..
Have verified paramaters as well by logging them after deployment and evenything is same.


0 Votes 0 ·
sachin-3215 avatar image
0 Votes"
sachin-3215 answered sachin-3215 edited

Hi All,

Thanks to all who replied and viewed this thread, especially to @MayankBargali-MSFT.

We have found the actual problem and it's not from the code/development side. The vendor has migrated the API to azure server and now they have another level of authentication (might be azure Ad)

So the original authentication which I believes (JWT Oauth) is returning it's token but we are not authenticating azure one so that's might be the reason we are getting azure html page.

Now API team is looking what's need to be done. We can close this thread or if someone has any solution or suggestion they can share.

Thanks,
Sachin

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.