{"id":100879,"date":"2019-09-23T18:25:20","date_gmt":"2019-09-23T18:25:20","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/aspnet\/?p=22570"},"modified":"2019-09-23T18:25:20","modified_gmt":"2019-09-23T18:25:20","slug":"setting-http-header-attributes-to-enable-azure-authentication-authorization-using-httprepl","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2019\/09\/23\/setting-http-header-attributes-to-enable-azure-authentication-authorization-using-httprepl\/","title":{"rendered":"Setting HTTP header attributes to enable Azure authentication\/authorization using HTTPRepl"},"content":{"rendered":"
\n
\n
\"Angelos<\/p>\n

Angelos<\/p>\n<\/div>\n<\/div>\n<\/div>\n

\n

September 23rd, 2019<\/p>\n<\/p><\/div>\n

<\/p>\n

Posted on behalf of Ahmed Metwally<\/h5>\n

The HTTP Read-Eval-Print Loop (REPL) is a lightweight, cross-platform command-line tool that\u2019s supported everywhere .NET Core is supported. It\u2019s used for making HTTP requests to test ASP.NET Core web APIs and view their results. You can use the HTTPRepl to navigate and interrogate any API in the same manner that you would navigate a set of folders on a file system. If the service that you are testing has a swagger.json<\/em> file, specifying that file to HTTPRepl will enable auto-completion.\n<\/p>\n

To install the HTTP REPL, run the following command:\n<\/p>\n

>dotnet tool install -g Microsoft.dotnet-httprepl\n<\/code><\/pre>\n
\n
For more information on how to use HTTPRepl, read Angelos\u2019 post on the ASP.NET blog. As we continue to improve the tool, we look to add new commands to facilitate the use of HTTPRepl with different types of secure API services. As of this release, HTTPRepl supports authentication and authorization schemes achievable through header manipulation, like basic, bearer token, and digest authentication. For example, to use a bearer token to authenticate to a service, use the command \u201cset header\u201d. Set the \u201cAuthorization\u201d header to the bearer token value using the following command:\n<\/p>\n
>set header Authorization \u201cbearer <token_value>\u201d\n<\/code><\/pre>\n
And replace <token_value><\/em> with your authorization bearer token for the service. Don\u2019t forget to use the quotation marks to wrap the word bearer<\/em> along with the <token_value><\/em> in the same literal string. Otherwise, the tool will treat them as two different values and will fail to set the header properly. To ensure that the header in the HTTP request is being formatted as expected, enable echoing using the \u201cecho on\u201d command.\n<\/p>\n
 Using the \u201cset header\u201d command, you can leverage HTTPRepl to test and navigate any secure REST API service including your Azure-hosted API services or the Azure Management API. To access a secure service hosted on Azure, you need a bearer token. Get a bearer token for your Azure subscription, using the Azure CLI to get an access token for the required Azure subscription<\/a>:\n<\/p>\n
>az login\n<\/code><\/pre>\n
Copy your subscription ID from the Azure portal<\/a> and paste it in the \u201caz account set\u201d command:\n<\/p>\n
>az account set --subscription \"<subscription ID>\" >az account get-access-token { \"accessToken\": \"<access_token_will_be_displayed_here>\", \"expiresOn\": \"<expiry date\/time will be displayed here>\", \"subscription\": \"<subscription ID>\", \"tenant\": \"<tenant ID>\", \"tokenType\": \"Bearer\" } <\/code><\/pre>\n
Copy the text that appears in place of <access_token_will_be_displayed_here>.<\/strong> This is your access token. Finally, run HTTPRepl:\n<\/p>\n
>httprepl\n(disconnected)~ connect https:\/\/management.azure.com\nUsing a base address of https:\/\/management.azure.com\/\nUnable to find a swagger definition\nhttps:\/\/management.azure.com\/~ set header Authorization \"bearer <em>&lt;paste_token_here&gt;<\/em>\"\nhttps:\/\/management.azure.com\/~ cd subscriptions\nhttps:\/\/management.azure.com\/subscriptions\/~ cd <subscription_ID>\n<\/code><\/pre>\n
For example, to search for a list of your Azure app services<\/a>, issue the \u201cget\u201d command for the list of sites through the Microsoft web provider:\n<\/p>\n
 https:\/\/management.azure.com\/subscriptions\/<subscription_ID>\/~ get providers\/Microsoft.Web\/sites?api-version=2016-08-01 HTTP\/1.1 200 OK Cache-Control: no-cache Content-Length: 35948 Content-Type: application\/json; charset=utf-8 Date: Thu, 19 Sep 2019 23:04:03 GMT Expires: -1 Pragma: no-cache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff x-ms-correlation-request-id: <em>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx<\/em> x-ms-original-request-ids: <em>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx;xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx<\/em> x-ms-ratelimit-remaining-subscription-reads: 11999 x-ms-request-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx x-ms-routing-request-id: WESTUS:xxxxxxxxxxxxxxxx:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx { \"value\": [\n<list of azure resources> ] } https:\/\/management.azure.com\/subscriptions\/<subscription_ID>\/~\n<\/code><\/pre>\n
 You can use the full list of Azure REST APIs to browse and manage services in your Azure subscriptions. For more details on how HTTPRepl works, please check the ASPNET blog. To use HTTPRepl, download and install the global tool from the .NET Core CLI.\n<\/p>\n
Give us feedback<\/h2>\n
 It\u2019s not HTTPie, it\u2019s not Curl, but it\u2019s also not PostMan. It\u2019s something that you run and stays running and its aware of its current context. We find this experience valuable, but ultimately what matters the most is what you think. Please let us know your opinion by leaving comments below or on GitHub<\/a>.\n<\/p>\n
\n
 Ahmed Metwally, Sr. Program Manager, .NET dev tools @ahmedMsft<\/a>Ahmed is a Program Manager on the .NET tooling team focused on improving web development for .NET developers.<\/p>\n
\n
\"Angelos<\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
Angelos September 23rd, 2019 Posted on behalf of Ahmed Metwally The HTTP Read-Eval-Print Loop (REPL) is a lightweight, cross-platform command-line tool that\u2019s supported everywhere .NET Core is supported. It\u2019s used for making HTTP requests to test ASP.NET Core web APIs and view their results. You can use the HTTPRepl to navigate and interrogate any API […]<\/p>\n","protected":false},"author":2,"featured_media":100880,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[66,1],"tags":[102],"class_list":["post-100879","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-webdev","category-uncategorized","tag-uncategorized"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/100879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=100879"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/100879\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/100880"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=100879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=100879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=100879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}