Cosmosdb Resource Token Authorization Header using a REST call
Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.
I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.
If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.
However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.
If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.
Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?
TIA
azure-cosmosdb asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
add a comment |
Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.
I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.
If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.
However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.
If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.
Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?
TIA
azure-cosmosdb asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
add a comment |
Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.
I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.
If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.
However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.
If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.
Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?
TIA
azure-cosmosdb asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.
I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.
If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.
However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.
If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.
Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?
TIA
azure-cosmosdb azure-cosmosdb asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
asked Nov 16 '18 at 21:44
nhwillynhwilly
301211
301211
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.
var databaseId = "db";
var collectionId = "coll";
var datetime = DateTime.UtcNow.ToString("R");
var version = "2017-02-22";
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
Uri uri = new Uri(urlPath);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
client.DefaultRequestHeaders.Add("x-ms-version", version);
client.DefaultRequestHeaders.Add("Authorization", auth);
HttpResponseMessage response = client.SendAsync(request).Result;
var status = response.IsSuccessStatusCode;
var message = response.RequestMessage;
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
– nhwilly
Nov 19 '18 at 21:34
add a comment |
Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.
- The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use
WebUtility.UrlEncode(token)to get it in the right format. I spent an hour usingHtmlEncodenotUrlEncode. I'm an idiot.
{UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.
- I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the
partition keypath or thepartition keyvalue. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.
But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:
client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);
And you need to format the
partitionsvariable like this:
string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });
And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".
After all that it worked like a peach. Thanks, again, Jay!
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
1
It seems my answer is very imperfect. Really appreciate for your sharing!
– Jay Gong
Nov 20 '18 at 1:04
No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
– nhwilly
Nov 20 '18 at 17:05
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53345837%2fcosmosdb-resource-token-authorization-header-using-a-rest-call%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.
var databaseId = "db";
var collectionId = "coll";
var datetime = DateTime.UtcNow.ToString("R");
var version = "2017-02-22";
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
Uri uri = new Uri(urlPath);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
client.DefaultRequestHeaders.Add("x-ms-version", version);
client.DefaultRequestHeaders.Add("Authorization", auth);
HttpResponseMessage response = client.SendAsync(request).Result;
var status = response.IsSuccessStatusCode;
var message = response.RequestMessage;
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
– nhwilly
Nov 19 '18 at 21:34
add a comment |
Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.
var databaseId = "db";
var collectionId = "coll";
var datetime = DateTime.UtcNow.ToString("R");
var version = "2017-02-22";
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
Uri uri = new Uri(urlPath);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
client.DefaultRequestHeaders.Add("x-ms-version", version);
client.DefaultRequestHeaders.Add("Authorization", auth);
HttpResponseMessage response = client.SendAsync(request).Result;
var status = response.IsSuccessStatusCode;
var message = response.RequestMessage;
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
– nhwilly
Nov 19 '18 at 21:34
add a comment |
Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.
var databaseId = "db";
var collectionId = "coll";
var datetime = DateTime.UtcNow.ToString("R");
var version = "2017-02-22";
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
Uri uri = new Uri(urlPath);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
client.DefaultRequestHeaders.Add("x-ms-version", version);
client.DefaultRequestHeaders.Add("Authorization", auth);
HttpResponseMessage response = client.SendAsync(request).Result;
var status = response.IsSuccessStatusCode;
var message = response.RequestMessage;
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.
var databaseId = "db";
var collectionId = "coll";
var datetime = DateTime.UtcNow.ToString("R");
var version = "2017-02-22";
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
Uri uri = new Uri(urlPath);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
client.DefaultRequestHeaders.Add("x-ms-version", version);
client.DefaultRequestHeaders.Add("Authorization", auth);
HttpResponseMessage response = client.SendAsync(request).Result;
var status = response.IsSuccessStatusCode;
var message = response.RequestMessage;
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
answered Nov 19 '18 at 9:12
Jay GongJay Gong
8,5751512
8,5751512
I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
– nhwilly
Nov 19 '18 at 21:34
add a comment |
I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
– nhwilly
Nov 19 '18 at 21:34
I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
– nhwilly
Nov 19 '18 at 21:34
I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
– nhwilly
Nov 19 '18 at 21:34
add a comment |
Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.
- The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use
WebUtility.UrlEncode(token)to get it in the right format. I spent an hour usingHtmlEncodenotUrlEncode. I'm an idiot.
{UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.
- I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the
partition keypath or thepartition keyvalue. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.
But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:
client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);
And you need to format the
partitionsvariable like this:
string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });
And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".
After all that it worked like a peach. Thanks, again, Jay!
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
1
It seems my answer is very imperfect. Really appreciate for your sharing!
– Jay Gong
Nov 20 '18 at 1:04
No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
– nhwilly
Nov 20 '18 at 17:05
add a comment |
Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.
- The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use
WebUtility.UrlEncode(token)to get it in the right format. I spent an hour usingHtmlEncodenotUrlEncode. I'm an idiot.
{UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.
- I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the
partition keypath or thepartition keyvalue. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.
But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:
client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);
And you need to format the
partitionsvariable like this:
string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });
And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".
After all that it worked like a peach. Thanks, again, Jay!
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
1
It seems my answer is very imperfect. Really appreciate for your sharing!
– Jay Gong
Nov 20 '18 at 1:04
No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
– nhwilly
Nov 20 '18 at 17:05
add a comment |
Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.
- The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use
WebUtility.UrlEncode(token)to get it in the right format. I spent an hour usingHtmlEncodenotUrlEncode. I'm an idiot.
{UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.
- I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the
partition keypath or thepartition keyvalue. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.
But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:
client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);
And you need to format the
partitionsvariable like this:
string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });
And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".
After all that it worked like a peach. Thanks, again, Jay!
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.
- The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use
WebUtility.UrlEncode(token)to get it in the right format. I spent an hour usingHtmlEncodenotUrlEncode. I'm an idiot.
{UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.
- I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the
partition keypath or thepartition keyvalue. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.
But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:
client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);
And you need to format the
partitionsvariable like this:
string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });
And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".
After all that it worked like a peach. Thanks, again, Jay!
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
edited Dec 9 '18 at 19:19
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
answered Nov 19 '18 at 22:44
nhwillynhwilly
301211
301211
1
It seems my answer is very imperfect. Really appreciate for your sharing!
– Jay Gong
Nov 20 '18 at 1:04
No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
– nhwilly
Nov 20 '18 at 17:05
add a comment |
1
It seems my answer is very imperfect. Really appreciate for your sharing!
– Jay Gong
Nov 20 '18 at 1:04
No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
– nhwilly
Nov 20 '18 at 17:05
1
1
It seems my answer is very imperfect. Really appreciate for your sharing!
– Jay Gong
Nov 20 '18 at 1:04
It seems my answer is very imperfect. Really appreciate for your sharing!
– Jay Gong
Nov 20 '18 at 1:04
No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
– nhwilly
Nov 20 '18 at 17:05
No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
– nhwilly
Nov 20 '18 at 17:05
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53345837%2fcosmosdb-resource-token-authorization-header-using-a-rest-call%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
