Response status code does not indicate success: 401 (Unauthorized) When calling Azure Blockchain RESTApi

Question

Response status code does not indicate success: 401 (Unauthorized) When calling Azure Blockchain

I am getting above error when calling Azure Blockchain RESTApi and I have checked all the permissions and getting Access Token correctly but When I call to get the applications we are getting Above mentioned Error

Answer 1

The issue was fixed, by following the below steps:

1) Go to Azure Portal-> App Service -> [Your App Service]-Api

2) Go to Authentication/Authorization Blade

Allow App Service Authentication and choose Allow anonymous requests(no action) and choose Azure Active Directory as Authentication Providers Click on Advanced -> Fill in the options as in the following image:

Client ID is the same as App ID in the AzureAD Application Registration Client Secret is the same as API Key you generated from the Keys Section in the AzureAD Application Registration Issuer URL is https://sts.windows.net/{AZUREADTENANTID} ß You can get the azuread tenant ID from the AzureAD Properties Allowed Token Audiences should have the following value: i. [https://%7bYOURBLOCKCHAINAPIURL-API.azurewebsites.net/.auth/login/aad/callback] https://{YOURBLOCKCHAINAPIURL-API.azurewebsites.net/.auth/login/aad/callback

3) Go to Azure Active Directory Now, go to Azure AD and Navigate to App Registrations and Click BlockChain API ß or the name you chose for your Azure AD App Registration when you configured blockchain the first time:

Click Settings and Click Reply URLs

Add the following URLs there:

Blockchain Workbench URL (it should be already there) Blockchain API Base URL (the one that has -API in it) Blockchain API Base URL with Callback (as indicated below, but use your own URL and add /.auth/login/aad/callback) The getpostman.com/oauth2/callback URL will be used later to test the API using the Postman App (An App used to test APIs), please add it as is below

4) Save your settings and then go to the Manifest(Next to settings in the Blockchain API AzureAD App Properties)

Set the manifest entry oauth2allowimplicitflow to True Save Configuration.

That’s it, now we need to test the API, you can download Postman to test the API, the configuration of Postman is a little bit long, I would prefer that you sign up free on this service: https://www.wintellectnow.com/Videos/Watch?videoId=blockchain-on-azure

Use Code: FREETRIAL to sign up – It will require a credit card but it won’t be charged, use any prepaid or postpaid card, but watching this video is highly recommended, specially at minute 53 as it explains how to use the API with Postman (Remember to disable the trial to prevent the card from being charged after 7 days 😊)

Here is a sample Token generated using the built in Auth Sample code that comes with Azure Blockchain Samples on Gethub (You can download this from here: https://github.com/Azure-Samples/blockchain/tree/master/blockchain-workbench/auth-samples/bearer-token-retrieval/static ), if you are going to test using it, you must add http://localhost to the Reply URLs above and you have to place it on your localhost IIS)

And here is a sample from Postman which shows how the token is added to the request header:

Here is the response before the authorization token:

Once the authorization token is available, here is the response that is generated once I call the API indicated in the GET Section in the image above:

Also, here is the response headers after a successful authorization:

To sum it up, the #blockchain API requires #OAuth2 authentication token, this token isn’t passed using Swagger UI or the application you built, you need to modify your application to authenticate to AAD OAuth2 to obtain a Token from AzureAD, then you need to use this generated token in the request header to the API in order to call the API.

One additional tip, don’t select the default machine size while creating workbench, but choose better performance machines like: VM Size: Standard F2s_v2 (2 vcpus, 4 GB memory) ==> approx.. 50 USD per month .

Discussion on Microsoft tech community site

The original Post of the Author

Answer 2

We are currently experiencing an outage in South Central US https://azure.microsoft.com/en-us/status/

Azure AD is also impacted.

You will want to monitor the Azure Status Page for further updates. Unfortunately we cannot do anything until the problem has been mitigated by engineering. After the issue has been mitigated and if you are still seeing issues let us know.