COSMOSDB - Unable to query with newly generated resourcetoken (.NET)
Issue Transfer
This issue has been transferred from the Azure SDK for .NET repository, #33545.
Please be aware that @iprashantp is the author of the original issue and include them for any questions or replies.
Details
- Package Name: Microsoft.Azure.Cosmos
- Package Version: 3.12.0
- Operating system: Windows

Is the bug related to documentation in
- SDK API docs on MS Docs

Describe the bug
Unable to perform CRUD with newly generated resource token with ALL permissions.
```csharp
private async Task RefreshResourceToken(String user, PermissionMode permission)
{
    // Client authenticated with the account primary key, used to issue the permission.
    CosmosClient client = new CosmosClient(Program.EndpointUri, Program.PrimaryKey, new CosmosClientOptions() { ApplicationName = "CosmosDBDotnetQuickstart" });
    Database db = client.GetDatabase(this.databaseId);
    User userId = db.GetUser(user);
    Container container = db.GetContainer(this.containerId);
    PermissionResponse permissionResponse;
    // The permission is scoped to this single container.
    PermissionProperties permissionPropertiesproperties = new(
        id: "permission01read",
        permissionMode: permission,
        container: container
    );
    //permissionResponse = await userId.CreatePermissionAsync(permissionPropertiesproperties);
    permissionResponse = await userId.UpsertPermissionAsync(permissionPropertiesproperties);
    this.ResourceToken = permissionResponse.Resource.Token;
    // Replace the client with one authenticated only by the resource token.
    this.cosmosClient = new CosmosClient(accountEndpoint: Program.EndpointUri, authKeyOrResourceToken: this.ResourceToken);
    // Database and container management calls issued through the resource-token client.
    await this.CreateDatabaseAsync();
    await this.CreateContainerAsync();
    await this.ScaleContainerAsync();
}
```
To Reproduce
Steps to reproduce the behavior:
- Created a user,
- Created Permission with read or ALL permission,
- From permission fetched the resource token, stored it.
- Using the resource token, create cosmos client and use it with the permissions it has.
- Once the resource token expires, create another resource token as shown in the function, with ALL permissions.
- Unable to query because of the following issue:
Reason: (**Insufficient permissions provided in the authorization header for the corresponding request. Please retry with another authorization header.**
ActivityId: 6c04888e-ded2-4723-a576-51c3a4ef5958, Microsoft.Azure.Documents.Common/2.14.0, Please see CosmosDiagnostics, Windows/10.0.22621 cosmos-netstandard-sdk/3.11.4);
Expected behavior
Should be able to perform CRUD with the newly generated resource token.
Issue Analytics
- State:
- Created 8 months ago
- Comments:6 (3 by maintainers)
Top GitHub Comments
Thanks. We can close this one.
By definition that would not work, right? Your permissions are scoped to a Container, if you are trying to do operations outside of the Container (for example, creating a Database), that should fail and it’s expected, because the scope is outside the Container you selected, isn’t it?
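
The scoping described in the comment above, as an added example that is not part of the original issue or the SDK's own samples: the account key is used only to mint the token, and the token client then stays inside the container the permission names. The endpoint, ids and the `COSMOS_KEY` environment variable are placeholder assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.Cosmos;

public static class ScopedTokenExample
{
    // Placeholders (assumptions): supply your own account, database, container and user ids.
    const string Endpoint = "https://<account>.documents.azure.com:443/";
    const string DatabaseId = "<database-id>", ContainerId = "<container-id>", UserId = "<user-id>";

    // Trusted side: uses the account key to mint a token scoped to one container.
    static async Task<string> MintTokenAsync(CosmosClient keyClient, PermissionMode mode)
    {
        Database db = keyClient.GetDatabase(DatabaseId);
        PermissionProperties props = new PermissionProperties(
            id: "permission01read", permissionMode: mode, container: db.GetContainer(ContainerId));
        PermissionResponse response = await db.GetUser(UserId).UpsertPermissionAsync(props);
        return response.Resource.Token;
    }

    public static async Task Main()
    {
        string accountKey = Environment.GetEnvironmentVariable("COSMOS_KEY"); // assumed variable name
        using CosmosClient keyClient = new CosmosClient(Endpoint, accountKey);
        string token = await MintTokenAsync(keyClient, PermissionMode.All);

        // Untrusted side: this client holds only the resource token.
        using CosmosClient tokenClient = new CosmosClient(Endpoint, token);
        Container container = tokenClient.GetContainer(DatabaseId, ContainerId);

        // Inside the permission's scope: item operations on the granted container.
        FeedIterator<dynamic> iterator = container.GetItemQueryIterator<dynamic>("SELECT * FROM c");
        while (iterator.HasMoreResults)
        {
            FeedResponse<dynamic> page = await iterator.ReadNextAsync();
            Console.WriteLine($"Read {page.Count} items with the resource token");
        }

        // Outside the scope: database-level management, like the issue's CreateDatabaseAsync
        // step. Per the maintainer's reply this is expected to be rejected.
        try
        {
            await tokenClient.CreateDatabaseIfNotExistsAsync(DatabaseId);
        }
        catch (CosmosException ex)
        {
            Console.WriteLine($"Out-of-scope call rejected: {ex.StatusCode}");
        }
    }
}
```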