Cosmosdb Resource Token Authorization Header using a REST call











up vote
1
down vote

favorite












Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.



I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.



If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.



However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.



If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.



Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?



TIA






azure-cosmosdb







share|improve this question


























    up vote
    1
    down vote

    favorite












    Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.



    I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.



    If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.



    However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.



    If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.



    Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?



    TIA






    azure-cosmosdb







    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.



      I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.



      If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.



      However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.



      If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.



      Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?



      TIA






      azure-cosmosdb







      share|improve this question













      Cosmosdb has the concept of a permission for a user. That permission contains a token that can be used to access a specified partition for a limited time with limited access.



      I've created a resource token broker, which creates the permission, retrieves the token and returns it to a client Xamarin Forms app. So far so good.



      If I am using the DocumentClient from the .NET SDK, that token - unmodified - works great.



      However, I'd like to avoid having a dependency on DocumentClient in my app and just instead make REST api calls directly to Cosmosdb.



      If I put that token in the authorization header, I get format errors for that header. I can't find the source code to the SDK, and all the samples are built modifying a master token.



      Can anyone explain/point/sample me on what I have to do to that resource token that I get from the permission to make it an acceptable header so I can just make a REST call?



      TIA






      azure-cosmosdb




      azure-cosmosdb






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 16 at 21:44









      nhwilly

      296211




      296211
























          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted










          Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.



          var databaseId = "db";
          
var collectionId = "coll";
          
var datetime = DateTime.UtcNow.ToString("R");
          
var version = "2017-02-22";
          
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
          
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
          

          
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
          
Uri uri = new Uri(urlPath);
          
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
          
HttpClient client = new HttpClient();
          

          
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
          
client.DefaultRequestHeaders.Add("x-ms-version", version);   
          
client.DefaultRequestHeaders.Add("Authorization", auth);
          
HttpResponseMessage response = client.SendAsync(request).Result;
          
var status = response.IsSuccessStatusCode;
          
var message = response.RequestMessage;





          share|improve this answer





















          • I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
            – nhwilly
            Nov 19 at 21:34


















          up vote
          1
          down vote













          Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.




          1. The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use WebUtility.UrlEncode(token) to get it in the right format. I spent an hour using HtmlEncode not UrlEncode. I'm an idiot.


          {UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.




          1. I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the partition key path or the partition key value. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.


          2. But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:



            client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);




          3. And you need to format the partitions variable like this:



            string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });



          And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".



          After all that it worked like a peach. Thanks, again, Jay!






          share|improve this answer



















          • 1




            It seems my answer is very imperfect. Really appreciate for your sharing!
            – Jay Gong
            Nov 20 at 1:04










          • No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
            – nhwilly
            Nov 20 at 17:05











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53345837%2fcosmosdb-resource-token-authorization-header-using-a-rest-call%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote



          accepted










          Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.



          var databaseId = "db";
          
var collectionId = "coll";
          
var datetime = DateTime.UtcNow.ToString("R");
          
var version = "2017-02-22";
          
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
          
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
          

          
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
          
Uri uri = new Uri(urlPath);
          
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
          
HttpClient client = new HttpClient();
          

          
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
          
client.DefaultRequestHeaders.Add("x-ms-version", version);   
          
client.DefaultRequestHeaders.Add("Authorization", auth);
          
HttpResponseMessage response = client.SendAsync(request).Result;
          
var status = response.IsSuccessStatusCode;
          
var message = response.RequestMessage;





          share|improve this answer





















          • I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
            – nhwilly
            Nov 19 at 21:34















          up vote
          1
          down vote



          accepted










          Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.



          var databaseId = "db";
          
var collectionId = "coll";
          
var datetime = DateTime.UtcNow.ToString("R");
          
var version = "2017-02-22";
          
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
          
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
          

          
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
          
Uri uri = new Uri(urlPath);
          
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
          
HttpClient client = new HttpClient();
          

          
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
          
client.DefaultRequestHeaders.Add("x-ms-version", version);   
          
client.DefaultRequestHeaders.Add("Authorization", auth);
          
HttpResponseMessage response = client.SendAsync(request).Result;
          
var status = response.IsSuccessStatusCode;
          
var message = response.RequestMessage;





          share|improve this answer





















          • I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
            – nhwilly
            Nov 19 at 21:34













          up vote
          1
          down vote



          accepted







          up vote
          1
          down vote



          accepted






          Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.



          var databaseId = "db";
          
var collectionId = "coll";
          
var datetime = DateTime.UtcNow.ToString("R");
          
var version = "2017-02-22";
          
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
          
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
          

          
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
          
Uri uri = new Uri(urlPath);
          
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
          
HttpClient client = new HttpClient();
          

          
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
          
client.DefaultRequestHeaders.Add("x-ms-version", version);   
          
client.DefaultRequestHeaders.Add("Authorization", auth);
          
HttpResponseMessage response = client.SendAsync(request).Result;
          
var status = response.IsSuccessStatusCode;
          
var message = response.RequestMessage;





          share|improve this answer












          Based on your description, I think you already know how to get resource token. All your jobs are good except the resource token format. You need to urlencode your resource token then your code will be fine. I tested it successfully.



          var databaseId = "db";
          
var collectionId = "coll";
          
var datetime = DateTime.UtcNow.ToString("R");
          
var version = "2017-02-22";
          
var resourceId = $"dbs/{databaseId}/colls/{collectionId}";
          
var auth = "type%3Dresource%26ver%3D1%26sig%3Dny%2BUlL6QIWR69OfiaSjTsw%3D%3D%3B%2Ba%2FwmK37zLn%2FoilfztnXpfyCN3n9tChunmpBdROF8BH4**********************oU0BJ4z8aDZT%2F%2FgTVJ0hgpXTK8UYMOrL5di3he9wbvQwFkFOdpXD7%2B%2Byhmb1uUOnq%2Fyp454O2fQKR8uA3KaiLCCjYZ6qr%2BQ%2BTV1Cu1u%2F6Yj34nc4UYtpRBX5K************qCGjhvpQ%3D%3D%3B";
          

          
var urlPath = $"https://***.documents.azure.com/dbs/db/colls/coll/docs/1";
          
Uri uri = new Uri(urlPath);
          
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
          
HttpClient client = new HttpClient();
          

          
client.DefaultRequestHeaders.Add("x-ms-date", datetime);
          
client.DefaultRequestHeaders.Add("x-ms-version", version);   
          
client.DefaultRequestHeaders.Add("Authorization", auth);
          
HttpResponseMessage response = client.SendAsync(request).Result;
          
var status = response.IsSuccessStatusCode;
          
var message = response.RequestMessage;






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 19 at 9:12









          Jay Gong

          7,7571512




          7,7571512












          • I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
            – nhwilly
            Nov 19 at 21:34


















          • I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
            – nhwilly
            Nov 19 at 21:34
















          I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
          – nhwilly
          Nov 19 at 21:34




          I marked this as the answer as no one was really willing to take a shot at this, so that you, Jay, for that one. I'm going to try to add some more facts to the answer, though.
          – nhwilly
          Nov 19 at 21:34












          up vote
          1
          down vote













          Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.




          1. The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use WebUtility.UrlEncode(token) to get it in the right format. I spent an hour using HtmlEncode not UrlEncode. I'm an idiot.


          {UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.




          1. I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the partition key path or the partition key value. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.


          2. But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:



            client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);




          3. And you need to format the partitions variable like this:



            string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });



          And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".



          After all that it worked like a peach. Thanks, again, Jay!






          share|improve this answer



















          • 1




            It seems my answer is very imperfect. Really appreciate for your sharing!
            – Jay Gong
            Nov 20 at 1:04










          • No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
            – nhwilly
            Nov 20 at 17:05















          up vote
          1
          down vote













          Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.




          1. The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use WebUtility.UrlEncode(token) to get it in the right format. I spent an hour using HtmlEncode not UrlEncode. I'm an idiot.


          {UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.




          1. I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the partition key path or the partition key value. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.


          2. But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:



            client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);




          3. And you need to format the partitions variable like this:



            string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });



          And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".



          After all that it worked like a peach. Thanks, again, Jay!






          share|improve this answer



















          • 1




            It seems my answer is very imperfect. Really appreciate for your sharing!
            – Jay Gong
            Nov 20 at 1:04










          • No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
            – nhwilly
            Nov 20 at 17:05













          up vote
          1
          down vote










          up vote
          1
          down vote









          Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.




          1. The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use WebUtility.UrlEncode(token) to get it in the right format. I spent an hour using HtmlEncode not UrlEncode. I'm an idiot.


          {UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.




          1. I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the partition key path or the partition key value. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.


          2. But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:



            client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);




          3. And you need to format the partitions variable like this:



            string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });



          And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".



          After all that it worked like a peach. Thanks, again, Jay!






          share|improve this answer














          Jay's solution was correct. I was missing a couple of parts. This entry is for any poor devil facing the same things.




          1. The token that actually comes back from Cosmosdb in the permission object is not encoded, as Jay pointed out. As of .Net Core 2.x you need to use WebUtility.UrlEncode(token) to get it in the right format. I spent an hour using HtmlEncode not UrlEncode. I'm an idiot.


          {UPDATE: I'm even dumber than originally thought. You have to use HttpUtility.UrlEncode, not WebUtility.UrlEncode. This is because they encode differently. WebUtility ends up with stuff like %3D while HttpUtility encodes it %3d. That's not important except when it comes to auth tokens. When I ran Fiddler on a DocumentClient call I noticed the tokens contains lower cased encoding values.} So ignore #1 above and use HttpUtility instead.




          1. I mentioned that I was using partitions in the original question, but Jay's answer didn't cover that, so I was still failing. I was specifying a partition key, but it's not clear from the docs whether that's the partition key path or the partition key value. And that's not obvious if you believe that the permission token will contain a permission key value when it's created. No way to know what's going on under the covers. Trial and error. My personal fav.


          2. But the less than obvious kicker is the format of the partition key. If you are limiting the permission to a partition then you need to specify the partition in the header, like this:



            client.DefaultRequestHeaders.Add("x-ms-documentdb-partitionkey", partitions);




          3. And you need to format the partitions variable like this:



            string json = JsonConvert.SerializeObject(new { "b39bcd43-8d3d-*********-4e4492fa3e7d" });



          And that's because Cosmodb is expecting an array of partition keys, even though it only accepts on partition key in the list (as I understand it anyway). If you don't want to use JsonConvert you can build it manually, using $"["{yourPartitionKey}"]".



          After all that it worked like a peach. Thanks, again, Jay!







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 9 at 19:19

























          answered Nov 19 at 22:44









          nhwilly

          296211




          296211








          • 1




            It seems my answer is very imperfect. Really appreciate for your sharing!
            – Jay Gong
            Nov 20 at 1:04










          • No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
            – nhwilly
            Nov 20 at 17:05














          • 1




            It seems my answer is very imperfect. Really appreciate for your sharing!
            – Jay Gong
            Nov 20 at 1:04










          • No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
            – nhwilly
            Nov 20 at 17:05








          1




          1




          It seems my answer is very imperfect. Really appreciate for your sharing!
          – Jay Gong
          Nov 20 at 1:04




          It seems my answer is very imperfect. Really appreciate for your sharing!
          – Jay Gong
          Nov 20 at 1:04












          No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
          – nhwilly
          Nov 20 at 17:05




          No, man, it was great. I was really struggling that it was even possible and the error codes were not helpful at all. You proving to me it could be done was what broke the ice.
          – nhwilly
          Nov 20 at 17:05


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53345837%2fcosmosdb-resource-token-authorization-header-using-a-rest-call%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Costa Masnaga

          Image
          .mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce o sezione sull'argomento Lombardia non cita le fonti necessarie o quelle presenti sono insufficienti . Puoi migliorare questa voce aggiungendo citazioni da fonti attendibili secondo le linee guida sull'uso delle fonti. Segui i suggerimenti del progetto di riferimento. Costa Masnaga comune Localizzazione Stato   Italia Regione Lombardia Provincia Lecco Amministrazione Sindaco Sabina Panzeri (Al centro il cittadino) dall'08/06/2009 Territorio Coordinate 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Coordinate: 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Altitudine 318 m s.l.m
          Read more

          Fotorealismo

          Image
          Guerrino Boatto, Venice's St. Barnaba Church and canal Il fotorealismo è un genere di pittura basato sull'uso di una o più fotografie dalle quali l'artista prende le informazioni necessarie da utilizzare poi nel processo della creazione dell'opera, in genere ad olio o ad acrilico, al fine di avere un aspetto finale il più simile possibile alla fotografia. Indice 1 Storia 2 Lista dei fotorealisti 3 Note 4 Voci correlate 5 Altri progetti Storia | Il fotorealismo è un movimento che nasce negli Stati Uniti d'America alla fine degli anni sessanta [1] sulla scia della Pop Art [2] [3] [4] , e insieme condividono il carattere reazionario verso la travolgente ascesa dei media, che alla metà del ventesimo secolo si trasforma in un fenomeno di massa talmente imponente da minacciare il valore dell'immagine nell'arte. [5] [6] Ne consegue così che, colto il gesto d'inizio che fu della Pop Art, i fotorealisti aprono ad un
          Read more

          Sidney Franklin

          Image
          Questa voce sull'argomento registi statunitensi è solo un abbozzo . Contribuisci a migliorarla secondo le convenzioni di Wikipedia. Sidney Franklin, foto di Carl Van Vechten Oscar alla memoria Irving G. Thalberg 1943 Sidney Franklin , all'anagrafe Sidney Arnold Franklin , (San Francisco, 21 marzo 1893 – Santa Monica, 18 maggio 1972), è stato un regista, produttore cinematografico e attore statunitense. Il 20 giugno 1963, si sposò con l'attrice australiana Enid Bennett. Il matrimonio durò fino alla morte dell'attrice, il 14 maggio 1969 [1] Indice 1 Filmografia 1.1 Regista 1.2 Aiuto regia (parziale) 1.3 Produttore 1.4 Attore (parziale) 2 Note 3 Altri progetti 4 Collegamenti esterni Filmografia | Regista | The Baby , co-regia Chester M. Franklin (1915) The Rivals , co-regia Chester M. Franklin (1915) Little Dick's First Case , co-regia Chester M. Franklin (1915) Her Filmland Hero , co-
          Read more