0

Instead of SDK am directly calling azure iot provisioning rest api to enroll device and then register it.

Enroll call to rest api works fine but register call fails with error

""Authorization required, resend request using supplied key""

  • gives me keyname and authenticationkey in error response.

I intercepted using fiddler how sdk makes register call and noted that sdk first gets 401 with above error and then it reissues another request which succeeds.

Currently am generating sas token based on shared keyname and primary key of azure dps.

I have windows app which will call this webapi to enroll+register the device in one call. I pass registrationid, tpmendoresmentkey, storagekey to api. This api internally makes 2 httpclient calls to azure rest api :

  1. to enroll the device as individual enrollment.
  2. to register device

Please help with any ideas or pointers that help understand resolve it.

krishnakumar
  • 617
  • 1
  • 6
  • 22

1 Answers1

1

I can reproduce this behavior when I trying register the TPM device. After investing the source code for handling the TPM device register, in my option, this is a feature by design. You can refer link below to see the SDK check the response and generate the SAS token by the key return by the response:

TpmDelegatingHandler#L27L64

I would suggest you using Azuire IoT Device Provision Service SDK if it possible since it is real convent for developers. If you only able to use the REST, you can refer the code in the link above to generate the SAS token and send a register device retry request using that token.

Fei Xue
  • 14,369
  • 1
  • 19
  • 27
  • we decided to put register call in desktop app and its out of api.. thanks – krishnakumar May 03 '18 at 21:02
  • Do you have any pointers to resources that will help understand DeviceClient->tpm interactions. what is stored in tpm, how tpm helps in secure talk with rest api etc. thanks ! – krishnakumar May 04 '18 at 11:21