none
Azure Data Market Resource Access using Groovy/Grails/Java

    Question

  • I am trying to use the instructions found in http://msdn.microsoft.com/en-us/library/gg193416.aspx#WebApps to access Azure Data Market Data sources using Grails/Groovy/Java. I am getting the "403 Forbidden" error. I have attached an elided code (removing identification information).

    The error I am getting is 403 Forbidden. And the header information in the response is:

        DataServiceVersion=[1.0;]
        Content-Length=[211]
        ActivityID=[692f88ee-9356-44e5-952f-e9b42cab34c9]
        Access-Control-Max-Age=[604800]
        Access-Control-Allow-Methods=[GET, POST, OPTIONS]
        Access-Control-Allow-Credentials=[false]
        X-Powered-By=[ASP.NET]
        Server=[Microsoft-IIS/8.0]
        Cache-Control=[private]
        X-Content-Type-Options=[nosniff]
        X-AspNet-Version=[4.0.30319]
        Access-Control-Allow-Headers=[Authorization]
        Date=[Fri, 13 Sep 2013 23:20:49 GMT]
        Access-Control-Allow-Origin=[*]
       Content-Type=[application/xml]

    Changing the Content-Type header to www-form-urlencoded or application/xml in the enclosed code below produces 415 Unsupported Media Type.

    I do have authorization to access the source and I have examined the token returned by Azure and it looks legit. 

    Here is the code sample

        
    def getDataFromResource() {
    		def serviceUrl = params.azuredatarooturl;
    		def relativeUrl = params.azuredatarelativeurl;
    		if (serviceUrl == null || serviceUrl == '' || relativeUrl == null || relativeUrl == '') {
    			redirect (url: "/");
    		}
    		if (serviceUrl[-1] !='/' && relativeUrl[0] != '/') {
    			serviceUrl = serviceUrl + '/'
    		}
    		String enKey = URLEncoder.encode(grailsApplication.config.oauth.providers.AzureDataMarket.key);
    		String enSecret = URLEncoder.encode(grailsApplication.config.oauth.providers.AzureDataMarket.secret)
    		if (session.authenticationToken == null || session.authenticationToken == '') {
    			renderError 400, "AzureDataAuthController 159: Please authenticate against Azure Data Service"
    			return
    			
    		}
    		String authorization = 'Bearer ' + session.authenticationToken.accessToken.getToken(); // this is the text of the token returned by Azure Data Market
    		String content = authorization;// 
    		URL aurl = new URL(serviceUrl + relativeUrl);
    		HttpURLConnection conn = aurl.openConnection();
    		conn.setDoInput(true);
    		conn.setDoOutput(true);
    		conn.setUseCaches(false);
    		conn.setRequestProperty("Authorization", authorization);
    		conn.setRequestProperty("Accept", "application/atomsvc+xml;q=0.8");
    		DataOutputStream    printout = new DataOutputStream (conn.getOutputStream ());
    		printout.writeBytes (content);
    		printout.flush ();
    		printout.close ();
    		def status = conn.getResponseCode();
    		for (header in conn.getHeaderFields().entrySet()) {
    			println(status + " " + conn.responseMessage + " " + header.getKey() + "=" + header.getValue());
    		}
    		
    		// Get response data.
    		DataInputStream input;
    		try {
    			input = new DataInputStream (conn.getInputStream ());
    		} catch (IOException e) {
    			println(content + "\n***" + e.getMessage() + '\n***' + e.printStackTrace());
    			return;
    		}
    		....
    }


    Saturday, September 14, 2013 5:53 PM

All replies

  • Hi,

    May I know how you get session.authenticationToken? If the token is a valid OAuth token, then your request would work fine. But I noticed you also have enKey and enSecret, although they're not used in the request. What kind of authentication mechanism do you want to use? If you use OAuth, then you don't need the key and secret. If you want to use basic authentication (http://msdn.microsoft.com/en-us/library/gg193417.aspx), there's only a single key (not a key and a secret).

    Best Regards,

    Ming Xu


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Monday, September 16, 2013 9:54 AM
    Moderator
  • Ming

    thanks. I am using/would like to OAuth 2.0. And, as you noticed, I am not using the key or secret. 

    I store the value session.authenticationToken using a separate process using a grails plugin to get the authentication token. It will take too long to explain how that works. Suffice it to say that I am following the instructions provided in http://msdn.microsoft.com/en-us/library/windowsazure/gg193416.aspx. 

    On visual examination, the Token looks like the one provided in the URL above -- i.e., it looks like:

    http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2fnameidentifier=812d5dea-1111-43c0-b2af-38cbe4d58bf8&http%3a%2f%2fschemas.microsoft.com%2faccesscontrolservice%2f2010%2f07%2fclaims%2fpermissions=10a6465f-b0a6-49ca-9175-b24caaf74db0&http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2009%2f09%2fidentity%2fclaims%2factor=myapp&http%3a%2f%2fschemas.microsoft.com%2faccesscontrolservice%2f2010%2f07%2fclaims%2fidentityprovider=DataMarketIdentityProvider&Audience=https%3a%2f%2fapi.datamarket.azure.com&ExpiresOn=1303325933&Issuer=https%3a%2f%2fdatamarket.accesscontrol.windows.net%2f&HMACSHA256=YWSfH6Byumh7HqI4j7U8dsXFD88f42irvNVtGdG8zCY%3d

    I can post the actual authentication token value if that will help, but not sure if that is a good idea or not. 

    A key question I have is when my program gets permission as per the URL above, I ask for access to entire user's account using x_permissions=account in the oauth consent flow. Do I also need to specify the x_required_offers="relative_url_of_datasource" in my consent flow parameter for the data sources.

    I had assumed that getting permission for the entire account meant that I would also get permission for the data sources that the user has subscriptions to. Is that not the case ? That is what the document says.

    After further debugging, I observe the following with different setting for Content-Type header, i.e.

    conn.setRequestProperty("Content-Type", "application/xml"); or 
    conn.setRequestProperty("Content-Type", "application/json;odata=verbose"); or
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

    When I set the Content-Type to application/xml or application/x-www-form-urlencoded or not set it at all, I get "Unsupported Media Type" with Response Code 415.

    When I set the Content-Type to application/json;odata=verbose, I get "Forbidden". I don't know if this gives a clue.

    Sankar





    • Edited by sankarv Sunday, September 22, 2013 10:07 PM
    Saturday, September 21, 2013 9:36 PM
  • Hi,

    In order for us to better understand the issue please kindly let us know:

    1. What dataset are you attempting to access within Azure Marketplace ?
    2. Have you verified you have subscribed to the dataset and can successfully access it using the Service Explorer tool ? For example,  if you subscribed to MS Translator (https://datamarket.azure.com/dataset/bing/microsofttranslator ) , you’ll find an option ‘Explorer this Data’ on the main page. If you click this option, you’ll be taken to a sandbox where you can issue queries against the dataset to verify your subscription is working.  Each dataset has a corresponding ‘Explorer this Data’ option on the main page. 
    3. Have you Registered an Application within the Marketplace portal  ? (https://datamarket.azure.com/developer/applications ) .  This is where your Client ID and Secret come from.

    Best Regards,

    Ming Xu


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, October 15, 2013 8:42 AM
    Moderator
  • Answers to your question:

    a) Real GDB Per Capita By State (1997 - 2011) and other public data sets.

    b) I have an active subscription to these data sources and I get unlimited transactions on these data sources. Yes, In order to find the URL I can use to submit the question, I have to explore the data in the explorer and I have done so.

    c) Yes. I have registered the application.

    Tuesday, October 15, 2013 11:28 AM