CODEWITHSUNDEEP
c#azureazure-application-insights
Joost
Joost

Reputation: 131

Authorization Error when Sending Telemetry to Azure Application Insights via REST endpoint

I have encountered an issue when the local authentication in Azure application insights is disabled, leading to problems with logging telemetry to Azure Application Insights directly from the front-end. To overcome this limitation and ensure seamless integration of front-end and back-end logging, I decided to implement a Telemetry Proxy Controller in our .NET Core API project. However, I am currently facing an authorization error when attempting to send telemetry data through the proxy controller.

Here's the code for my TelemetryProxyController:

using System;
using System.IO;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using IdentityModel.Client;
using Microsoft.ApplicationInsights;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

namespace Reporting.API.Controllers
{
    [Route("api/[controller]")]
    [AllowAnonymous]
    [ApiController]
    public class TelemetryProxyController : ControllerBase
    {
        public TelemetryProxyController(IConfiguration configuration)
        {
            _client = new HttpClient();

            _configuration =
                configuration ?? throw new ArgumentNullException(nameof(configuration));
        }

        private static readonly string _appInsightsEndpoint =
            "https://dc.services.visualstudio.com/v2/track";
        private readonly HttpClient _client;
        private readonly IConfiguration _configuration;

        [HttpPost]
        public async Task Post(CancellationToken cancellationToken)
        {
            var credential = new DefaultAzureCredential();
            var scope = "https://monitor.azure.com//.default";

            var token = await credential.GetTokenAsync(
                new TokenRequestContext(new[] { scope }),
                cancellationToken
            );

            var request = new HttpRequestMessage
            {
                RequestUri = new Uri(_appInsightsEndpoint),
                Method = HttpMethod.Post,
                Content = new StreamContent(Request.Body)
            };

            foreach (var header in Request.Headers)
            {
                request.Content.Headers.TryAddWithoutValidation(header.Key, header.Value.ToArray());
            }

            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Token);

            var response = await _client.SendAsync(request, cancellationToken);

            using var streamReader = new StreamReader(
                await response.Content.ReadAsStreamAsync(cancellationToken)
            );
            string result = await streamReader.ReadToEndAsync();
            await Response.WriteAsync(result, cancellationToken: cancellationToken);
        }
    }
}

Here's an example of the telemetry payload I'm sending:

[{"time":"2023-07-17T14:09:11.157Z","iKey":"00000000-0000-0000-0000-000000000000","name":"Microsoft.ApplicationInsights.2214063857374902a13cfbe145ee961c.Pageview","tags":{"ai.user.id":"XXXX","ai.session.id":"00000000-0000-0000-0000-000000000000","ai.device.id":"browser","ai.device.type":"Browser","ai.operation.name":"dashboard","ai.operation.id":"78bd3140ac724066a5d7ca41b78f5509","ai.internal.sdkVersion":"javascript:2.8.10","ai.internal.snippet":"-"},"data":{"baseType":"PageviewData","baseData":{"ver":2,"name":"next / dashboard","url":"https://next.ourcompany.nl/","duration":"00:00:00.623","properties":{"refUri":"","duration":"623"},"measurements":{},"id":"78bd3140ac724066a5d7ca41b78f5509"}}}]

When sending a telemetry payload to this Telemetry Proxy Controller, I receive the following error response:

{"itemsReceived":1,"itemsAccepted":0,"errors":[{"index":0,"statusCode":400,"message":"Authorization not supported"}],"appId":"00000000-0000-0000-0000-000000000000"}

I have verified that the required Azure AD credentials JWT is working. The jwt from .GetToken() includes a scope with monitor.azure.com

What could be the cause of this "Authorization not supported" error? How can I troubleshoot and resolve this issue?

Upvotes: 0

Views: 411

Answers (1)

silent
silent

Reputation: 16198

From here it sounds like you need to adjust your URL to

private static readonly string _appInsightsEndpoint =
        "https://dc.services.visualstudio.com/v2.1/track";

Btw, is there a reason why don't just use the SDK instead of building request yourself?

Upvotes: 0

Related Questions