I created a Service Bus / Notification Hub in my Azure Portal.
Now I'm trying to use the Azure REST API with Postman based on this doc :
https://msdn.microsoft.com/en-us/library/azure/dn223265.aspx
Here is the Postman configuration I have :
It's a POST method of the following url (Create Registration)
https://mysite.servicebus.windows.net/mysite-notif/registrations/?api-version=2015-01
(I replaced with mysite in that url for privacy reasons)
In the Headers, I typed 2 entries :
Content-Type
application/atom+xml;type=entry;charset=utf-8
Authorization
Endpoint=sb://[mysite].servicebus.windows.net/;SharedAccessKeyName=DefaultFullSharedAccessSignature;SharedAccessKey=[mykey]
(this Connection information I copied from the Azure portal)
In the Body, I chose raw - XML(txt/xml) and pasted :
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
<content type="application/xml">
<WindowsRegistrationDescription xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/netservices/2010/10/servicebus/connect">
<Tags>myTag, myOtherTag</Tags>
<ChannelUri>{ChannelUri}</ChannelUri>
</WindowsRegistrationDescription>
</content>
</entry>
(it's the Native registration for Windows Notification Service example)
When I send this call from within Postman, I get a 401 Error :
<Error>
<Code>401</Code>
<Detail>MalformedToken: The credentials contained in the authorization header are not in the WRAP format..TrackingId:ee0d87ef-6175-46a1-9b35-6c31eed6049d_G2,TimeStamp:8/13/2015 9:58:26 AM</Detail>
</Error>
What am I missing ?
Is it the Authorization tab I left on "No Auth" in Postman ?
Is it the value of the Authorization header that should be encoded like shown here ?
Creating registration ID for Azure Notification Hub via REST api
Thanks.
Here is an example of a pre-request script for postman that generates the needed header:
function getAuthHeader(resourceUri, keyName, key) {
var d = new Date();
var sinceEpoch = Math.round(d.getTime() / 1000);
var expiry = (sinceEpoch + 3600);
var stringToSign = encodeURIComponent(resourceUri) + '\n' + expiry;
var hash = CryptoJS.HmacSHA256(stringToSign, key);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var sasToken = 'SharedAccessSignature sr=' + encodeURIComponent(resourceUri) + '&sig=' + encodeURIComponent(hashInBase64) + '&se=' + expiry + '&skn=' + keyName;
return sasToken;
}
postman.setEnvironmentVariable('azure-authorization', getAuthHeader(request['url'], "mySharedAccessKeyName", "mySharedAccessKey"));
postman.setEnvironmentVariable('current-date',new Date().toUTCString());
To use it do the following:
add this pre-request script to your postman request
replace mySharedAccessKeyName , mySharedAccessKey with your credentials
add a header Authorization: {{azure-authorization}}
add a header x-ms-date: {{current-date}}
Your "Authorization" header is not correct.
As stated in the Azure Notification Hubs REST API documentation, e.g. for creating a registration, the "Authorization" header has to contain the "Token generated as specified in Shared Access Signature Authentication with Service Bus"...
The token format is specified in the documentation for Shared Access Signature Authentication with Service Bus as the following:
SharedAccessSignature sig=<signature-string>&se=<expiry>&skn=<keyName>&sr=<URL-encoded-resourceURI>
URL-encoded-resourceURI: The url you send the POST request to (in your case "https://mysite.servicebus.windows.net/mysite-notif/registrations/?api-version=2015-01")
keyName: In your case the default key name "DefaultFullSharedAccessSignature"
expiry: The expiry is represented as the number of seconds since the epoch 00:00:00 UTC on 1 January 1970.
signature-string: The signature for the SAS token is computed using the HMAC-SHA256 of a string-to-sign with the PrimaryKey property of an authorization rule. The string-to-sign consists of a resource URI and an expiry, formatted as follows:
StringToSign = <resourceURI> + "\n" + expiry;
resourceURI should be the same as URL-encoded-resourceURI (also URL encoded)
Compute the HMAC-SHA256 of StringToSign using the SAS key (what you replaces with [mykey] in your example). Use the URL encoded result for signature-string then.
After spending over an hour trying to understand why the steps above didn't work, I realized if you are using the code from https://code.msdn.microsoft.com/Shared-Access-Signature-0a88adf8 It has two things that are not defined at the top of the code. Key and KeyName.
The Key is the part that alluded me because at first glance on the other post here I thought it was the same. Its not.
In Azure: Go to your Notification Hub, Then Click > Settings> Access Policies then on the Policy that has Manage Permission. Add a policy if you need to. Once you Click on the Access Policy. It shows Connection String, Primary and Secondary. Copy the Primary to your Clipboard and throw it in notepad. It will look something like this..
Endpoint=sb://mysite.servicebus.windows.net/;SharedAccessKeyName=DefaultFullSharedAccessSignature;SharedAccessKey=hc7qZ+pMG6zltjmASDFrskZO+Yv52D55KQUxUTSO0og=
SharedAccessKeyName = KeyName
SharedAccessKey = Key
Yea it looks obvious all spelled out here but you cannot see this information in AZURE portal unless you copy it.
So Just to be totally Clear, in the header you generate the key "sig" by combining + "\n" + expiry which Baris did point out, but then you sign it with the Key not the KeyName..
I may sounds like an idiot spelling this out but this process is not an easy one.
Hope it helps someone else.
Baris Akar's response is mostly correct, except for one omission that, for whatever reason, is also not mentioned in the relevant documentation: the signature parameter (i.e., the signature-string in sig=) must be Base64 encoded!
You have to remove "\"" in Token String like below.
authorizationString = resultA.replaceAll("\"","");
From
"SharedAccessSignature sr=https%3a%2f%2fmshub.servicebus.windows.net%2f&sig=PFZVab43PMsO0q9gz4%2bFsuaQq%5ff05L4M7hKVBN8DEn0%3d&se=1553339810&skn=RootManageSharedAccessKey"
To
SharedAccessSignature sr=https%3a%2f%2fmshub.servicebus.windows.net%2f&sig=PFZVab43PMsO0q9gz4%2bFsuaQq%5ff05L4M7hKVBN8DEn0%3d&se=1553339810&skn=RootManageSharedAccessKey
Good luck.
See the following documentation from Microsoft to generate a SAS Token.
This token you can use in Postman.
Generate SAS Token (NodeJs, Java, etc.)
Like Jérôme, I also used the example at https://code.msdn.microsoft.com/Shared-Access-Signature-0a88adf8 to generate the token and I also found out that the .NET-generated token worked. I compared the .NET-generated token with my ruby-generated token and found that URI.escape did not encode the last character (an '=' sign) of my base64 hash. It also did not encode '+' signs. Adding the string '=+' to the function fixed the problem: URI.escape(hmacb64, '=+')
(I don't know if there are other characters that should be identified here.)
It also took me quite some time to figure out a way to generate the SAS tokens in Go.
I created a gist which shows how to generate those tokens:
https://gist.github.com/dennis-tra/14c63e6359f17cbb504e78d6740ca465
I probably wouldn't have figured it out if had not found this repo:
https://github.com/shanepeckham/GenerateSASTokenGo/blob/master/gosas.go
Working from D-rk's code, which is probably outdated in 2022, here's an updated version that works in Postman 10.5.6 and with the Azure Notification Hub's api-version 2020-06
Postman Pre-Request Script:
function createSharedAccessToken(sb_name, eh_name, saName, saKey) {
if (!sb_name || !eh_name || !saName || !saKey) {
throw "Missing required parameter";
}
var resourceUri = encodeURIComponent("https://" + sb_name + ".servicebus.windows.net/" + eh_name)
// Set expiration in seconds
var expires = (Date.now() / 1000) + 20 * 60;
expires = Math.ceil(expires);
var toSign = CryptoJS.enc.Utf8.parse(resourceUri + '\n' + expires);
var sa_key_utf8 = CryptoJS.enc.Utf8.parse(saKey);
var hmac = CryptoJS.HmacSHA256(toSign, sa_key_utf8);
var hmacBase64 = CryptoJS.enc.Base64.stringify(hmac);
var hmacUriEncoded = encodeURIComponent(hmacBase64);
// Construct autorization string
var token = "SharedAccessSignature sr=" + resourceUri + "&sig=" + hmacUriEncoded + "&se=" + expires + "&skn="+ saName;
return token;
}
var sb_name = "your-notification-hub-namespace";
var eh_name = "your-notification-hub-name";
//See Access Policies -> Connection String
var sa_name = "your-shared-access-key-name"
var sa_key = "your-shared-access-key-name"
var auth_header = createSharedAccessToken(sb_name, eh_name, sa_name,sa_key);
pm.environment.set('azure-authorization',auth_header);
pm.environment.set('current-date',new Date().toUTCString());
Solution provided by Dirk helped me to resolve the issue.
But make sure to use SharedAccessKeyName and SharedAccessKey from a policy which has "Manage" claims access. If you have only Send and/or Listen claims, then the authentication will not work and throws an error - MalformedToken: The credentials contained in the authorization header are not in the WRAP format
My swagger UI isn't sending the authentication keys to the APIs.
I think that I've set up my swagger ui but when I check the headers they don't get sent. I have logs that tell me that the authentication keys get read in but never get sent in these request headers.
I've noticed that the clientAuthorizations field isn't updated and remains empty.
Here's the relevant code
function addApiKeyAuthorization(windowName){
log("got key from " + windowName);
var key = get('accessToken');
if(key && key.trim() != "") {
var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("api_key", key, "header");
window.windowName.api.clientAuthorizations.add("api_key", apiKeyAuth);
log("added key " + key + "from " + windowName);
}
}
Thanks!!
Problem was in my onComplete function, replace windowName with SwaggerUI and it works. I guess SwaggerUi refers to the current object while windowName doesn't
onComplete: function(swaggerApi, windowName){
addApiKeyAuthorization(windowName);
},
Im using a C# console APP to send a personalized bulk email but I found the bottleneck that if I use sequential programming I'm only able to send 1 emails per second. I've tried to create a multi-thread app but I am able to send only two emails per second.
How can I do it better?
This is a fragment of the code:
public static void MainProgram(List emails ,string cuerpo_email_en, string cuerpo_email_es)
{
//emails list is populated with 50.000 emails
DateTime timeControllerForSendingEmails = DateTime.Now;
while (emails.Count > 0)
{
if ((DateTime.Now - timeControllerForSendingEmails).TotalSeconds >= 1)
{
timeControllerForSendingEmails = DateTime.Now;
//this method gets a list of 60 emails and remove them from the main list
List<EmailEnt> queuedEmails = GetEmailsQueue(emails, 60));
Send(queuedEmails);
}
}
}
public void Send(List<EmailEnt> queuedEmails)
{
IList<Task> tasks = new List<Task>();
List<string> logLines = new List<string>();
foreach (EmailEnt emailEnt in queuedEmails)
{
string subject = "Hello {name}";
string body = "im the body;
tasks.Add(Task.Factory.StartNew(() =>
{
SendEmail(emailEnt, subject, body);
}));
}
Task.WaitAll(tasks.ToArray());
}
Any chance you are still running in 'sandbox mode'? According to AWS:
When you are in the sandbox, your sending quota is 200 messages per
24-hour period and your maximum sending rate is one message per
second. To increase your sending limits, you need to request
production access. For more information, see Requesting Production
Access to Amazon SES. After you request production access and start
sending emails, you can increase your sending limits further by
following the guidance in the Increasing Your Amazon SES Sending
Limits section.
If not, I use code similar to this to send 15+ emails second (not on SES), and it works fine:
Parallel.ForEach(mailQueue, new ParallelOptions() {MaxDegreeOfParallelism = 7}, itm=>SendEmail(itm));
which perhaps is functionally equivalent to what you are doing already, but I can say for sure it does provide much greater throughput and may be worth a try.
I`m trying to find out how to send images to my back-end server using Worklight adapters.
I know that I can send them through Worklight adapters using Base64 encoding but this implies in around 30% more traffic between the servers and some undesired processing overhead.
For now I`m using the Phonegap FileTransfer library as I show below, but this creates a directly connection between the client and the back-end server not going through Worklight server as I want.
var options = new FileUploadOptions();
options.fileKey="file";
options.fileName=imageURI.substr(imageURI.lastIndexOf('/')+1);
options.mimeType="image/jpeg";
var headers = {"Content-Type": "image/jpeg"};
options.headers = headers;
var ft = new FileTransfer();
ft.upload(imageURI, encodeURI(host + "/images"), imageUploadSuccess, imageUploadFail, options);
function imageUploadSuccess(r) {
WL.Logger.debug("Submit success! HTTP Status Code = " + r.responseCode);
WL.Logger.debug("Response = " + r.response);
WL.Logger.debug("Bytes sent = " + r.bytesSent);
$.mobile.changePage('#SuccessPage');
}
function imageUploadFail(error) {
WL.Logger.debug("submit error! source = " + error.source);
WL.Logger.debug("target = " + error.target);
$.mobile.changePage('#FailPage');
}
Is there a way that I can do that?
Thank you in advance.
-- Edit --
Another problem that occurs is that when my backend server receives the file, it seems corrupted and cannot be readed as an image.
At this time, Worklight adapters do not support sending data in binary form.
This means that currently your only option is the one you do not like, which is to base64 encode the image file and store the resulting string in the database and when you need to use it, to base64 decode it.
I have the path to a file i want to send to a rest webservice the server. I am using the xmlhttprequest object. The post is as follows:
var url = "http://localhost:8080/RestWSGS/jersey/gridsense";
var boundary = "--------------" + (new Date).getTime();
xmlHttp.open('POST', url, true);
xmlHttp.onreadystatechange = function ()
{
if (this.readyState != 4)
return;
var result =this.responseText;
document.write(result);
};
xmlHttp.setRequestHeader('Content-Type', 'multipart/form-data; boundary=' + boundary);
var part ="";
part += 'Content-Disposition: form-data; ';
part += 'name="' + document.getElementById("filename").name + '" ; ';
//alert(document.getElementById("filename").value);
part += 'filename="'+ document.getElementById("filename").value + '";\r\n';
part += "Content-Type: application/xml";
part += "\r\n\r\n"; // marks end of the headers part
part += 'filename="'+ document.getElementById("filename").value + '";\r\n';
part+= data;
var request = "--" + boundary + "\r\n";
request+= part /* + "--" + boundary + "\r\n" */;
request+= "--" + boundary + "--" + "\r\n";
alert(request);
xmlHttp.send(request);
The data i want to send is on the client local disk. I want to use the get method for it :
var str = document.getElementById("filename").value;
var data;
var xmlhttp1 = getNewHTTPObject();
xmlhttp1.open("GET",
"file:///New Folder/" +document.getElementById("filename").value , false);
xmlhttp1.send(null);
alert('hi' + xmlhttp1.status);
xmlhttp1.onreadystatechange = function() {
if (this.status == 0)
{
alert("resp " + this.responseText);
data = this.responseText;
}
}
The file:// does not work. If i put my file within the client directory and remove the file:/// then i can at least see xmlhttprequest open and give status 200 (i think ok!!). I read that for local file check status == 0 instead of readystatus == 4 so i did that but it still gives data variable as undefined and so the file does not go to the server. Initially when i had given the form action as my rest url it was uploading fine. Since I am not using html5 i cannot get the File object from the input type=file element. I want to use the xmlhttprequest object for this instead of the form element directly.
Please help me with this problem with any suggestions or hints
KAvita
Even if i do the uploading using form submission how can i use the return value of the web service. Thats the reason I need to use xmlhttpRequest. If anyone can suggest how the return value from the action is used it will be great!!
Kavita
Historically, you can't query for local files from JavaScript (or shouldn't be allowed to, or something's odd). This would be a serious breach of security.
There are only a few circumstances where you can do this, but in general they involve specific security settings requiring to be set for your browser, to either lift the limitation or to notify the current page's execution process that that is is granted this exceptional right. This is for instance doable in Firefox by editing the properties. It's also commonly OK when developing browser extensions (for instance for Chrome or FF) if they request the file access permissions.
Another way to go around this limitation is to host a local web-server, and to declare virtual hosts on it to be able to do this sort of AJAX request to fetch local files. It's quite common for web-developers to resort to this trick (more like a standard, really) to have the benefits of local development but at the same time replicate a production system. You could for instance use a lightweight web-server like Jetty.
(Another mean annoyance, that you seem to have encountered, is that some browsers - at least some relatively older FF versions, like 3.6.x - will sometimes return a positive error code like 200 when they requests are blocked according to their internal security policies. Can be pretty confusing for a while...).
Finally, the newer HTML5 APIs do provide some new constructs to access local files. Considering reading:
Reading Files in JavaScript using the File API
Exploring the FileSystem APIs
Other SO questions also provide additional pointers:
Access local files from HTML5 Desktop Application in html folder
Solutions to allowing intranet/local file access in an HTML5 application?
I use an iframe.
<div class="item" onclick="page(event)">HTML5</div>
<iframe id="page" src="">
function page(e) {
trigger = e.currentTarget.innerHTML;
docname = new String(trigger + ".txt");
document.getElementById("page").src = docname;
}
I found an easy solution.
You have to add "?application/xhtml+xml" behind your local url "file:///..".