Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Greeetings.
We are attempting to consume an ODATA feed using basic authentication.
Even though we have configured the HTTPS URL of the service (see figure 1 and figure 2), PowerBI seems to invoke the $metadata service using plain HTTP, and places the basic authentication header in the request (see figure 3), resulting in a possible security issue.
Is there any way to force PowerBI to respect HTTPS in all requests?
Figure 1: Configuring the ODATA feed
Figure 2: Configuring credentials
Figure 3: Output from "sniffer tool"
Hi @Green_Eagle
Based on my test, the basic authentication info "username:password" will be encoded and passed to the Authorization option in headers. If I use an access token to connect to an API, it is also passed to Authorization option.
I'm not sure how to force it to respect HTTPS. Below is an old thread about basic authentication, hope it would be helpful.
https://community.powerbi.com/t5/Desktop/Odata-feed-URL-basic-authentication/m-p/606088
Best Regards,
Community Support Team _ Jing
Thanks for your answer @v-jingzhang
Configuring an HTTPS service and having Excel/PowerBI sending messages thru HTTP sounds like a serious security issue...
Do you know what would be the proper channel to escalate this issue?
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
113 | |
99 | |
80 | |
70 | |
59 |
User | Count |
---|---|
150 | |
119 | |
104 | |
87 | |
67 |