REST API Https UD 27

LxLechat · December 4, 2019, 11:07am

Hello,
My server is currently running on UD 2.6 with a certificate.

If i try with the 2.7 (and the last nightly release) the login route does not work…
I use POSTMAN to test my routes.
If send a request to https://myserver/api/login on 2.6 i get the token… but on 2.7 nothing !

i enabled the logging and get the following message:
11:48:09 [Debug] PowerShellExecutionService UDPage = 11:48:09 [Debug] Quartz.Core.JobRunShell Trigger instruction : NoInstruction 11:48:17 [Info] Microsoft.AspNetCore.Server.Kestrel Connection id "0HLROKNBM0LC1" bad request data: "Invalid request lin e: ''"

any idea ?

BoSen29 · December 4, 2019, 11:42am

Hi @LxLechat

How is your auth method lookin’?
And how do you format your login restrequests?

LxLechat · December 4, 2019, 12:29pm

It’s pretty straight forward … the auth method is based on the example present in the docs

$AuthMethod = New-UDAuthenticationMethod -Endpoint {
    param([PSCredential]$Credential)
    ## do some stuff
    ## create to token
    $date = [DateTime]::UtcNow.AddMinutes(240)
    $token = Grant-UDJsonWebToken -Identity $Credential.UserName -Role "Admin" -Expiry $date
    $Out = New-UDAuthenticationResult -Success -UserName $Credential.UserName -Role "somerole","someotherrole" -Token $token
    $Out
}

The start-udrestapi looks like this:

$cert = ( Get-ChildItem -Path cert:\LocalMachine\My\MyCertificate )
Start-UDRestApi -Port 443 -Endpoint @(
    ## My Routes
    $Route1,
    $Route2..
} -AuthenticationMethod $AuthMethod -EndpointInitialization $( New-UDEndpointInitialization -Module @("some-module-path1.psm1","some-module-path2.psm1") ) -certificate $cert

This is how i request the token using POSTMAN (works fine on 2.6)

I havent changed a thing between the 2.6 and 2.7 just tried to update UD version that’s all
On thing: i’m doing my test in a dev environnement, so, in this environnement i did not provide a licence, and have to restart my UD server every hour, maybe something changed betweend 2.6 and 2.7 ???

BoSen29 · December 4, 2019, 12:52pm

Hi again @LxLechat

I might be in over my head here, as i’ve never used rest auth myself.
There is not any references to any major changes to the restauth in the change logs as far as i see.

Any insight @adam ?

LxLechat · December 4, 2019, 1:39pm

Oh and btw there seem to be an error in the doc for the rest api auth https://docs.universaldashboard.io/security/rest-api-authentication

if i’m not wrong the route to login must be “/api/login” not “/login”, and so the uri example should be $Token = Invoke-RestMethod -Uri http://localhost:10001/api/login -Method POST -Body @{ UserName = "Adam"; Password = "Test" }

adam · December 4, 2019, 2:25pm

        $auth = @()
        $auth += New-UDAuthenticationMethod -Endpoint {
                param([PSCredential]$Credential)
                $userName = $Credential.UserName
                $role = if ($userName -eq 'Bartek') {
                    'admin'
                } else {
                    'luser'
                }
                $Token = Grant-UDJsonWebToken -Identity $UserName -Role $Role -Issuer 'Adam'
                New-UDAuthenticationResult -Success -UserName $userName -Role $role -ErrorMessage '' -Token $Token
            }
        $auth += New-UDAuthenticationMethod -Issuer 'Adam'

        $endpoint = New-UDEndpoint -Url /authtest -Endpoint {
            $User
        }

        $Server = Start-UDRestApi -Port 10001 -AuthenticationMethod $auth -Endpoint $endpoint

        It "should login to api " {
            $uri = 'http://localhost:10001/login'
            $Result = Invoke-RestMethod -Uri $uri -Method POST -Body (@{ username = "Bartek"; password = "Test" } | ConvertTo-Json) -SessionVariable "Session"
            $uri = 'http://localhost:10001/api/authtest'
            Invoke-RestMethod -Uri $uri -Method GET -Headers @{ Authorization = "Bearer $($Result.Token)"} | Should be "Bartek"
        }

This is from the UD test suite. This particular test is passing in the latest 2.8 nightly build. The one difference I’m noticing is that we are sending in JSON rather than form data and it is using the /login endpoint. I’m not sure why that changed but if you file a bug, we can look at making sure it works as it did in 2.6 for 2.8

LxLechat · December 4, 2019, 2:39pm

thanks adam,
when you write 2.8 do you refer to this release: https://github.com/ironmansoftware/universal-dashboard-enterprise/releases/tag/nightly.20191202.3
if that’s the case, then i dont understand because i have to use the /api/login not /login endpoint …
or maybe i did not use the right release ?

Anyway! the problem is not the endpoint i think but maybe it’s the certificate part … i dont know

adam · December 4, 2019, 2:42pm

That’s the correct release. If you change your postman request to use /login and change the body to use JSON rather than form-data does it work for you?

LxLechat · December 4, 2019, 2:55pm

Nop sorry it’s not working, if i try to use /login i get a 500 internal error … ! like this endpoint does not exist … …
i double checked the module i’m using, can you confirm:
version should be 2.7.0
Version GuId : c7894dd1-357e-4474-b8e1-b416afd70c2d

adam · December 4, 2019, 3:10pm

try this version of invoke rest method:

Invoke-RestMethod -Method Post -Uri http://localhost:10001/login -Body (@{"username"="toto";password="toto"} | ConvertTo-Json)

LxLechat · December 4, 2019, 3:38pm

Oh Boy! totally forgot to convert to json -_- so it works … sorry for that !

But it’s not working with my certificate on port 443 wich was working on 2.6

adam · December 4, 2019, 3:42pm

What error are you getting? I’m surprised HTTPS would stop working.

LxLechat · December 4, 2019, 4:02pm

Yes me too, and i m a bit lost
so i tried with the /login:

PS> Invoke-RestMethod -Uri https://myserver/login -Body (@{username="Ayoub";password="toto"} | C
onvertTo-Json) -Method Post
Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ Invoke-RestMethod -Uri https://myserver/login -Body (@{username="Ay ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

i enabled ud logging:

17:02:04 [Info] Microsoft.AspNetCore.Server.Kestrel Connection id "0HLROQ6JGEABK" bad request data: "Invalid request lin
e: ''"
17:02:04 [Info] Microsoft.AspNetCore.Server.Kestrel Connection id "0HLROQ6JGEABL" bad request data: "Invalid request lin
e: ''"

LxLechat · December 9, 2019, 2:38pm

Any Idea ? maybe there are some logs somewhere i’m not aware of ?
I’m really stuck here … cant migrate to 2.7
My certificate is a web certificate, i also tried with a basic sefl signed certificate but the same error keeps popping in the log ( same as my previous thread )… maybe i missed something … !

adam · December 9, 2019, 3:59pm

Just to be clear, you are running this via the PowerShell console and not hosted in IIS ?

LxLechat · December 9, 2019, 7:37pm

Yup Powershell console. 5.1

adam · December 9, 2019, 7:47pm

Can you compare these tests with what you are doing? I just verified that these work locally and they are passing on the builder.

LxLechat · December 9, 2019, 8:27pm

ok i’ll build a single test route, with the same auth method as your pester test and try it on http/https
For https i’ll use the certificate i use for my rest server on 2.6

LxLechat · December 9, 2019, 8:54pm

ok i dll the last nightly and i copy/pasted the test above … i managed to get the token then i get an erro 500

PS C:\Users\Lx\GitPerso> $Result


success      : True
userName     : Bartek
errorMessage :
redirectUrl  :
token        : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiQ
               ZjIyLWQxOGUtNDk3MC1hYWRkLTg4Y2JkNjA0YTAzYyIsInN1YiI6IlVuaXZlcnNhbERhc2hib2FyZCIsImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3
               mlzcyI6IkFkYW0iLCJhdWQiOiJVbml2ZXJzYWxEYXNoYm9hcmQifQ.ThJ1_u5esQggN55l0UaGtaw8AQtqoWZMbPYOq-X7XD8
roles        : {admin}



PS C:\Users\Lx\GitPerso> $uri = 'http://localhost:10001/api/authtest'
PS C:\Users\Lx\GitPerso>             Invoke-RestMethod -Uri $uri -Method GET -Headers @{ Authorization = "Bearer $($Result.Token)"}
Invoke-RestMethod : Le serveur distant a retourné une erreur : (500) Erreur interne du serveur.
Au caractère Ligne:1 : 13
+             Invoke-RestMethod -Uri $uri -Method GET -Headers @{ Autho ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation : (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

PS C:\Users\Lx\GitPerso> $host.version

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      18362  145

( i ran this on my personnal laptop…

(sorry i’m french and my english is not that good … )

adam · December 9, 2019, 9:04pm

Hmmm bizarre. Can you enable logging to see what error is causing the 500?

Topic		Replies	Views
REST API authentication Universal Dashboard Help	2	882	April 10, 2020
REST API - 401, role problems Universal Dashboard Help	16	1507	December 17, 2019
Authentication - Dashboard and REST API Universal Dashboard Help	3	1358	October 29, 2019
Azure AD REST API authentication Universal Dashboard Help	1	672	June 10, 2020
REST API setup and auth in an IIS configuration Universal Dashboard Help	3	815	February 12, 2020

REST API Https UD 27

Related Topics