basic auth and odata feeds–Azure marketplace

Fiddler shows that excel presents basic auth credentials to enumerate datasets at the Azure marketplace “area” associated with the identity.

When we look at the management page for those credentials, they are a page – that first requires one logon to the marketplace site using websso (and a Microsoft account).




when we then use excel to access the marketplace data sources (having changed the default “account key’”, we see the classical basic auth challenge back to excels power query and (see above) the resulting UI that seeks input of the key (i.e. basic auth password)




Once we supply the password to excel, we see in fiddler a second attempt to enumerate the feeds:



We keyed the value BK1xHy4g0tg00Hd5HFPAdsikQ/mG2E8zBMioi42JDlE=, and we note that excel responds with Authorization: Basic RmVlZEtleTpCSzF4SHk0ZzB0ZzAwSGQ1SEZQQWRzaWtRL21HMkU4ekJNaW9pNDJKRGxFPQ==, whose value block is of course, once unpacked: FeedKey:BK1xHy4g0tg00Hd5HFPAdsikQ/mG2E8zBMioi42JDlE=. So now we understand that the user name is fixed, and the “basic auth” is just some password for the feed itself (not necessarily a user).

As we see from the management concept of azure marketplace, the passwords are proxies for the Microsoft account user


About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in odata. Bookmark the permalink.