Authentication failed. The ‘Authorization’ header is missing – Invoke-WebRequest Azure ARM

While building an automation procedure I had to POST the management API of Azure.

Invoke-WebRequest -Uri https://management.azure.com/subscriptions/pool/xxx/xxxx/xxxx/xxxx -Method POST

When I used the Invoke-WebRequest without Authentication it failed. The error that you will get when you do not have Authentication headers set can be found below.

Invoke-WebRequest: {"error":{"code":"AuthenticationFailed","message":"Authentication failed. The 'Authorization' header is missing."}}

In order to authenticate with azure you can get an access-token using az cli.

az account get-access-token

The output will look like the below output:

{
  "accessToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxVG-hTDHECYJxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-B5FA9l9RvqOls3iaDDYw5O86acvLIwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-ixxxxxxxxxxxxxxxxx3eoeKlxZfxxxxxxxxxxfGW2O6oA",
  "expiresOn": "2022-05-05 14:51:08.000000",
  "subscription": "a23eef11-f200-4722-866c-248ca45142f6",
  "tenant": "1efa646f-3fc3-4554-bd8c-651879a2b110",
  "tokenType": "Bearer"
}

You should take the output of the token and use it on your call.

For example using POSTMAN you should place your token under the Authorization tab. You will then be able to get the result from Azure ARM api.

InvalidAuthenticationToken “message”:”The access token is invalid.” – Powershell

The below sample code will make an HTTP call using powershell with Authorization headers. However when you run the code it will fail.

$token =  az account get-access-token | ConvertFrom-Json
$mytoken =  $token.accesstoken
$headers = @{ Authorization = "Bearer $token.accesstoken" }
echo $headers
Invoke-RestMethod -Method Get -Uri "https://management.azure.com/subscriptions/xxxxx/resourceGroups/resource-group/providers/Microsoft.Sql/servers/sql-server?api-version=2020-11-01-preview" -Headers $headers -UseBasicParsing

This is an error occuring on powershell as the $token.accesstoken is not correctly parsed. In order to resolve either use a new variable and assign the value on it ($mytoken)

$headers = @{ Authorization = "Bearer $mytoken" }

Authenticate to Azure management API using az cli

A quick an easy way to authenticate on Azure management API is to use az cli get-access-token command and use this as a Bearer token on your API calls.

Given that you want to access https://management.azure.com/subscriptions/api you can use:

$token =  az account get-access-token | ConvertFrom-Json

You can then get the access token with $token.accesstoken

Finally you can use this token as a Bearer token on your API calls

$headers = @{ Authorization = "Bearer $token.accesstoken" }

Powershell -Contains does not evaluate string with Get-Content

When using powershell contains method you should be aware of the type of the object that is used.

Lets examine the below string which was used with contains on a powershell script.

Processed 384 pages for database ‘restore’, file ‘restore’ on file 1.
Processed 2 pages for database ‘restore’, file ‘restore_log’ on file 1.
RESTORE DATABASE successfully processed 386 pages in 0.004 seconds (752.929 MB/sec).

The string was stored on $result variable and I wanted to capture if a specific string was included in the variable. Although the string is included in the variable the result was false.

After investigating I was able to figure that the object type of the $result variable was an object and Contains could not evaluate successfully

In this situation you would have to cast the object on a string data type to evaluate correctly.

For example when using Get-Content you could cast to a string like below.

[string]$result = Get-Content C:\Users\galexiou\Desktop\2.txt

Then the object type will be of type string

The evaluation will work as expected.