Monthly Archives: June 2013

Azure Table Rest API errors with WinJS application

Published June 7, 2013 11:10 am

If you are using azure SDK to code to its REST API – there are lot of API nuance that is taken care by the SDK. For example – if you are coding nodejs server, or windows store application using c# that uses Azure, nodejs and .net sdk is available. For WinJS, there isn’t azure sdk.

But it shouldn’t be big deal to code directly to the REST API if the basic http lib is available. `WinJS.xhr()` is available to mimics closely what XmlHttpRequest does in the browser. Well, this holds true if the API returns meaningful errors with sufficient contextual details for the error. If that isn’t true, lot of developer(your) time is wasted debugging the error cases. Keep binging to see if other community developer hit similar issue, or parse the http packets sent — for a successful rest api call made by other tool or application – using fiddler or network monitor.

I recently saw two such errors when invoking azure table rest api to query using javascript in WinJS application.

  1. AuthenticationFailed
    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
    <error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
      <code>AuthenticationFailed</code>
      <message xml:lang="en-US">Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.</message>
    </error>
  2. InvalidHeaderValue
     
    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
    <error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
      <code>InvalidHeaderValue</code>
      <message xml:lang="en-US">The value for one of the HTTP headers is not in the correct format.</message>
    </error>

AuthenticationFailed was hit when the x-ms-date header was formatted incorrectly. Expected value – Thu, 06 Jun 2013 08:09:50 GMT . Value computed in the code – Thu, 6 Jun 2013 08:20:34 GMT. Note: the difference in ‘0’ prefix for the date. Because of this, the computed stringToSign for the authorization header was incorrect. For details, you can refer here.

InvalidHeaderValue was hit because MaxDataServiceVersion: '2.0;NetFx' header value was missing.

In the first case, if the REST API returned the expected and found ‘stringToSign’ parameter value in the returned error – it would help developer save order of .5 to 1day worth of debugging time. In the second case, if the returned error mentioned the missing header in the error details, again it will save 1-2 hours of debugging time.

Well, you might hit here and cause & solution of the error code for the same api might be different than this – do drop a comment with the cause & solution. If you are a developer coding REST API, do send error codes with sufficient details to save hours of developer time. Thanks for reading so far.

Securing nodejs server configuration data

Published June 3, 2013 6:05 pm

I am running the nodejs server in azure VM running win8 server, and I need to secure the configuration data. Since I am deploying the server by hand; not using azure role, manifest, iisnode integration etc – I need to figure out way for securing the configuration data.

.Net frameworks has the useful api ProtectedData.Protect and nodejs has a useful interop module edge for interop between nodejs and c# from Tomasz Janczuk @msft.

config data is earlier protected using the ProtectedData.Protect(), encoded base64 and saved to file. Code snippet below uses edge module with c# code to decrypt/unprotect the config data.

 
var edge = require('edge');
function unprotect(fileName, callback)
{
    var unprotectCsFunc = edge.func(function unprotectCsFunc()
    {/*
    #r "System.Security.dll"

    using System;
    using System.IO;
    using System.Security.Cryptography;

    async (fileName) => { 
        string cipherText = File.ReadAllText(fileName.ToString());
        byte[] cipherBytes = Convert.FromBase64String(cipherText);
        var data = ProtectedData.Unprotect(cipherBytes, null, DataProtectionScope.CurrentUser);
        return data;
    }*/});

    unprotectCsFunc(fileName, function (error, result)
    {
        callback(error, result);
    });
}

What do you use to protect configuration data for your nodejs server?