无法使用 Azure APIM 交互式门户向后端 API 发送测试请求
[英]Unable to send test requests to backend APIs using the Azure APIM interactive portal
问题描述
Using the Azure portal, I'm unable to send test requests to the Echo API (and all other backend APIs).
使用 Azure 门户,我无法向 Echo API(以及所有其他后端 API)发送测试请求。
When sending a request, I'm getting the following error:发送请求时,出现以下错误:
HTTP/1.1 401 Access Denied
cache-control: private, s-maxage=0
content-length: 152
content-type: application/json
date: Tue, 12 Apr 2022 05:13:28 GMT
vary: Origin
www-authenticate: AzureApiManagementKey realm="https://AAAA.azure-api.net/echo",name="Ocp-Apim-Subscription-Key",type="header"
{
"statusCode": 401,
"message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API."
}
The request works fine when I tick the “Bypass CORS proxy” checkbox and through Postman.
当我勾选“绕过 CORS 代理”复选框并通过 Postman 时,请求工作正常。
I have the following global inbound CORS policy:我有以下全球入站 CORS 政策:
<policies>
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://AAAA.developer.azure-api.net</origin>
<origin>https://AAAA.azure-api.net</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="300">
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
</inbound>
<backend>
<forward-request />
</backend>
<outbound />
<on-error />
</policies>
and the inbound base policy set on the Echo API.以及在 Echo API 上设置的入站基本策略。
I haven't expereinced this problem previously.我以前没有遇到过这个问题。 Any ideas how I can bupass the CORS error while submitting test request in the APIM portal?在 APIM 门户中提交测试请求时,有什么想法可以避免 CORS 错误吗?
3 个解决方案
解决方案1
1 2022-04-12 10:11:34
HTTP/1.1 401 Access Denied
www-authenticate: AzureApiManagementKey realm="https://AAAA.azure-api.net/echo",name="Ocp-Apim-Subscription-Key",type="header"
"message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API."
In this Troubleshooting Steps of Unauthorized errors (401) while invoking APIs in Azure, it is mentioned clearly:在Troubleshooting Steps of Unauthorized errors (401) while invoking APIs in Azure中,明确提到:
- Due to Wrong
Ocp-Apim-Subscription-Key, this error occurs.由于错误Ocp-Apim-Subscription-Key,出现了这个错误。
When you create the APIM, the Echo API is subscribed to built-in subscriptions by default.创建 APIM 时,Echo API 默认订阅内置订阅。 Each subscription has two subscription keys that can be used.每个订阅都有两个可以使用的订阅密钥。
Scenario 1 :场景 1 :
By default, Echo API is registered to the Built-in all-access subscription so it will work perfectly until the subscription key is matched:默认情况下,Echo API 已注册到内置全访问订阅,因此在订阅密钥匹配之前它将完美运行:
Scenario 2:场景 2:
There are 2 more product subscriptions that come by default when an APIM instance is created which are Starter and Unlimited.创建 APIM 实例时,默认情况下还有 2 个产品订阅,即 Starter 和 Unlimited。
When the API is subscribed to that product subscriptions, then the subscription key passing in the header should match with the Original Product Subscription Keys available in the Subscriptions Menu.当 API 订阅该产品订阅时,传入 header 的订阅密钥应与订阅菜单中提供的原始产品订阅密钥相匹配。
Here, the Echo API is subscribed to both the products Starter and Unlimited as shown in 1st Image.在这里,Echo API 订阅了产品 Starter 和 Unlimited,如第一张图片所示。 That Product Subscriptions has given with some permissions called Administrators, Developers and Guests.
该产品订阅已授予一些权限,称为管理员、开发人员和来宾。 Any one among these should have on the user to access the APIs subscribed these products.其中任何一个都应该让用户访问订阅这些产品的 API。
In the 3rd Image, you can see what APIs are subscribed to Starter Product like Echo API.在第三张图片中,您可以看到哪些 API 订阅了入门产品,例如 Echo API。
If any of the above workaround did not solve the issue, please refer the troubleshooting steps doc provided that shows all of the causes that produces this specific error 401 Unauthorized and Missing the Subscription Key along with the resolution.如果上述任何解决方法未能解决问题,请参阅提供的故障排除步骤文档,其中显示了产生此特定错误401 Unauthorized and Missing the Subscription Key的所有原因以及解决方法。
解决方案2
0 2022-04-12 13:05:27
ByPass CORS option allows the requests originating from any domain. ByPass CORS 选项允许来自任何域的请求。 Sometime, allowing the cross-domain access also fixes the issue.有时,允许跨域访问也可以解决问题。 Try Azure Cross-domain policy as given below to allow access from 'any' domain (you can specify your domain too).尝试如下所示的 Azure 跨域策略以允许从“任何”域访问(您也可以指定您的域)。
<cross-domain>
<cross-domain-policy>
<allow-http-request-headers-from domain='*' headers='*' />
</cross-domain-policy>
For details refer MS documentation on managing cross domain access: https://learn.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies有关详细信息,请参阅有关管理跨域访问的 MS 文档: https://learn.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies
解决方案3
0 已采纳 2022-04-22 03:14:55
I have engaged with Microsoft on this and they are investigating the issue.我已就此与 Microsoft 进行了接触,他们正在调查此问题。 As per MS initial investigation “Microsoft Defender for Cloud Apps" creates a Proxy that intercepts all requests going out of Azure portal and it seem like MCAS proxy is either removing or modifying headers from the outgoing request thus causing this behaviour. Microsoft has pointed to the following document for reference: Troubleshooting - What is cas.ms, mcas.ms, or mcas-gov.us? . MS has advised that they don't have any ETA for the fix and that they are investigating further. Their recommendation is to check the Bypass CORS proxy option as workaround for the time being.根据 MS 的初步调查,“Microsoft Defender for Cloud Apps”创建了一个代理,拦截所有从 Azure 门户发出的请求,看起来 MCAS 代理正在从传出请求中删除或修改标头,从而导致此行为。微软指出以下文档供参考: 故障排除 - 什么是 cas.ms、mcas.ms 或 mcas-gov.us?。MS表示他们没有任何修复的 ETA,并且他们正在进一步调查。他们的建议是暂时检查绕过 CORS 代理选项作为解决方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.