Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Green_Eagle
New Member

ODATA sends unencrypted HTTP request even though the service is HTTPS

‎07-06-2022 12:30 AM

Greeetings.

 

We are attempting to consume an ODATA feed using basic authentication. 

Even though we have configured the HTTPS URL of the service (see figure 1 and figure 2), PowerBI seems to invoke the $metadata service using plain HTTP, and places the basic authentication header in the request (see figure 3), resulting in a possible security issue.

 

Is there any way to force PowerBI to respect HTTPS in all requests?

 

Figure 1: Configuring the ODATA feed

Green_Eagle_0-1657095211103.png

 

 

Figure 2: Configuring credentials

Green_Eagle_1-1657095218491.png

 

 

Figure 3: Output from "sniffer tool"

cap3.png

Labels:
Message 1 of 3
324 Views
2 REPLIES 2
v-jingzhang
Community Support
Community Support

‎07-11-2022 12:07 AM

Hi @Green_Eagle 

 

Based on my test, the basic authentication info "username:password" will be encoded and passed to the Authorization option in headers. If I use an access token to connect to an API, it is also passed to Authorization option. 

 

I'm not sure how to force it to respect HTTPS. Below is an old thread about basic authentication, hope it would be helpful. 

https://community.powerbi.com/t5/Desktop/Odata-feed-URL-basic-authentication/m-p/606088 

 

Best Regards,
Community Support Team _ Jing

Message 2 of 3
256 Views
0
Green_Eagle
New Member
In response to v-jingzhang

‎07-22-2022 08:09 AM

Thanks for your answer @v-jingzhang 

 

Configuring an HTTPS service and having Excel/PowerBI sending messages thru HTTP sounds like a serious security issue...

 

Do you know what would be the proper channel to escalate this issue?

Message 3 of 3
246 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All