basic auth and odata feeds–Azure marketplace


Fiddler shows that excel presents basic auth credentials to enumerate datasets at the Azure marketplace “area” associated with the identity.

When we look at the management page for those credentials, they are a page – that first requires one logon to the marketplace site using websso (and a Microsoft account).

 

image

see https://datamarket.azure.com/account/keys

when we then use excel to access the marketplace data sources (having changed the default “account key’”, we see the classical basic auth challenge back to excels power query and (see above) the resulting UI that seeks input of the key (i.e. basic auth password)

 

image

 

Once we supply the password to excel, we see in fiddler a second attempt to enumerate the feeds:

image

 

We keyed the value BK1xHy4g0tg00Hd5HFPAdsikQ/mG2E8zBMioi42JDlE=, and we note that excel responds with Authorization: Basic RmVlZEtleTpCSzF4SHk0ZzB0ZzAwSGQ1SEZQQWRzaWtRL21HMkU4ekJNaW9pNDJKRGxFPQ==, whose value block is of course, once unpacked: FeedKey:BK1xHy4g0tg00Hd5HFPAdsikQ/mG2E8zBMioi42JDlE=. So now we understand that the user name is fixed, and the “basic auth” is just some password for the feed itself (not necessarily a user).

As we see from the management concept of azure marketplace, the passwords are proxies for the Microsoft account user

Advertisements

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in odata. Bookmark the permalink.