I was stuck error “MalformedToken: Invalid authorization header: The request is missing WRAP authorization credentials.” while configuring WCF relay in the API management application and BizTalk.
Flow is APIM -> Azure Relay -> BizTalk receive location.
Issue was coming when the APIM was trying to communicate to Azure Relay. I wasn’t sure what was the problem initially but some thing was wrong with Authorization header.
Later on i realized, by reading many msdn articles on how SAS token works. SAS Token is not SAS authorization key we see in Azure portal. SAS token needs to be generated via code as in the article https://docs.microsoft.com/en-us/rest/api/eventhub/generate-sas-token. I picked up PowerShell do it.
Also when i started using this, realized this SAS token generated is valid only for 300 secs. If you want to generate SAS token for infinite then could use 500 years as expiry time.
[Reflection.Assembly]::LoadWithPartialName(“System.Web”)| out-null
$URI=”<relay name>.servicebus.windows.net”
$Access_Policy_Name=”RootManageSharedAccessKey”
$Access_Policy_Key=”<shared access key>”
#Token expires now+300
$Expires=([DateTimeOffset]::Now.AddYears(500).ToUnixTimeSeconds())+300
$SignatureString=[System.Web.HttpUtility]::UrlEncode($URI)+ “`n” + [string]$Expires
$HMAC = New-Object System.Security.Cryptography.HMACSHA256
$HMAC.key = [Text.Encoding]::ASCII.GetBytes($Access_Policy_Key)
$Signature = $HMAC.ComputeHash([Text.Encoding]::ASCII.GetBytes($SignatureString))
$Signature = [Convert]::ToBase64String($Signature)
$SASToken = “SharedAccessSignature sr=” + [System.Web.HttpUtility]::UrlEncode($URI) + “&sig=” + [System.Web.HttpUtility]::UrlEncode($Signature) + “&se=” + $Expires + “&skn=” + $Access_Policy_Name
$SASToken
This article is valid for service bus queue, tables, storage and many azure resources using SAS token based authorization.
Techy Chalkboard in bits and pieces 