
I was rewriting the Basic Authentication handling in API Management for several reasons, got the error below, and gave up trying to fix it.

Does anyone know the right API Management policies? Thank you.

The Policies

<policies>
    <inbound>
        <!-- Computes the boolean context variable "isAuthOk" from the inbound Authorization header.
             This is the version that fails to save with the reported error:
             "The name 'TryParseBasic' does not exist in the current context".
             NOTE(review): the policy expression reference lists TryParseBasic as an extension method
             on string, so the call presumably has to be written as value[0].TryParseBasic(out credit);
             confirm against the documentation.
             NOTE(review): only credit.UserId is compared. The password is never checked, so any
             password would be accepted for that user name.
             NOTE(review): when the header is present but the parse fails, no return statement is
             reached on that path. -->
        <set-variable name="isAuthOk" 
value="@{
    string[] value;
    BasicAuthCredentials credit;
  if (context.Request.Headers.TryGetValue("Authorization", out value))
  {
     if(TryParseBasic(value[0], out credit)){
        if(credit.UserId == "nelco1"){
            return true;
        }else{
            return false;
        }
     }
  }
  else
  {
    return false;
  }
}" />
        <base />
        <!-- Thanks to https://stackoverflow.com/questions/49479416/api-management-basic-authentication -->
        <!-- Requests with isAuthOk == true continue through the pipeline; everything else is
             answered directly with 401 and a Basic challenge, so the backend is never called. -->
        <choose>
            <when condition="@(context.Variables.GetValueOrDefault<bool>("isAuthOk"))">
            </when>
            <otherwise>
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-header name="WWW-Authenticate" exists-action="override">
                        <value>Basic realm="ohhhhhhhhh"</value>
                    </set-header>
                    <set-body>Wrong username or password</set-body>
                </return-response>
            </otherwise>
        </choose>
        <set-backend-service id="apim-generated-policy" backend-id="preaddresscode2" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

I got the following error when I saved the above policies:

One or more fields contain incorrect values:
Error in element 'set-variable' on line 3, column 10: The name 'TryParseBasic' does not exist in the current context

MS Docs

https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions

The method 'TryParseBasic' is listed in the documentation.

1 Answer


Thank you @Thomas. It worked when I implemented it referring to the JWT token.

I gave up on using TryParseBasic and used AsBasic instead.

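<policies>
    <inbound>
        <set-backend-service id="apim-generated-policy" backend-id="preaddresscode2" />
        <rewrite-uri template="/HttpTrigger1" />
        <!-- Validates inbound HTTP Basic credentials and stores the result in the boolean
             context variable "isAuthOk".
             The user names and passwords below are the placeholder literals from the post.
             Real credentials should not be written into the policy document: anyone who can read
             the policy can read them. Keep them in API Management named values marked as secret
             (or backed by Key Vault) and reference those instead.
             Basic credentials are only base64 encoded, so the API should accept HTTPS only.
             NOTE(review): String.Equals is not a constant-time comparison. -->
        <set-variable name="isAuthOk" value="@{
    /* No Authorization header at all: reject. */
    string[] headerValues;
    if (!context.Request.Headers.TryGetValue("Authorization", out headerValues))
    {
        return false;
    }

    /* AsBasic() yields null when the header is not a well-formed Basic credential. */
    BasicAuthCredentials credit = context.Request.Headers.GetValueOrDefault("Authorization","").AsBasic();
    if (credit == null)
    {
        return false;
    }

    /* Every case returns on its own, so a user name can only ever be matched against its own
       password. The literal is the receiver of Equals so that a null Password compares as false. */
    switch (credit.UserId)
    {
        case "UUUUUU1":
            return "PPPPPP1".Equals(credit.Password);
        case "UUUUUU2":
            return "PPPPPP2".Equals(credit.Password);
        default:
            return false;
    }
        }" />
        <base />
        <!-- Authenticated requests continue; all others get 401 with a Basic challenge and never
             reach the backend. -->
        <choose>
            <when condition="@(context.Variables.GetValueOrDefault<bool>("isAuthOk"))" />
            <otherwise>
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-header name="WWW-Authenticate" exists-action="override">
                        <value>Basic realm="someRealm"</value>
                    </set-header>
                    <set-body>Wrong username or password</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>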