5

I want to access NiFi and do some actions through external web application created in C# using proxy user request. For that,

I have created C# web application and hosted as secure connection(https).

I need to access NiFi components using its REST API service without authorization token. Added C# web application certificate into NiFi truststore and added certificate name as user (CN=machineName) in NiFi. Also, added "proxy user request" policy for the newly added user.

In C# web application, added "X-ProxiedEntitiesChain = <username>" in header while requesting NiFi API. But it returns "unknown user" error in response. Please find the sample code below,

var httpWebReq=(HttpWebRequest)WebRequest.Create("https://testhost:8080/nifi-api/access");
httpWebReq.Headers["X-ProxiedEntitiesChain"] = "<username>";
httpWebReq.Method = "GET";
var response = (HttpWebResponse)httpWebReq.GetResponse();
var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
return responseString;
Nijandhan
  • 185
  • 1
  • 11
  • 2
    In your example, is `` the literal string you are using, or is it a placeholder? If a placeholder, is it set dynamically (based on an actual end user of the C# application) or is it a static user? The reason I ask is that it could be that your web application, via its TLS certificate, is being correctly authenticated, but the user it is proxying, `username` in your example, is not a known user to NiFi. To help determine where the authentication check is failing, can you share the full error message and stack trace (from nifi=app.log) for the failed authentication? – kevdoran Jul 10 '18 at 13:50
  • @kevdoran There is no error message logged in nifi-app.log file. But in C# console application, i'm getting this error "The remote server returned an error: (401) Unauthorized." – Nijandhan Jul 11 '18 at 07:00
  • 401 Unauthorized indicates that the client cannot be authenticated, because the client credentials are missing or invalid (eg, unknown user). What authentication mechanism did you configure for your secured NiFi instance? – kevdoran Jul 11 '18 at 15:23

1 Answers1

1

Based on the available information the most likely problem is that you are not using a properly authorized user.

Check that you are using the proper username, and confirm that it is actually authorized for access.

(And of course make sure you don't just pass the string "username")

Dennis Jaheruddin
  • 21,208
  • 8
  • 66
  • 122