Power BI desktop OData error with HTTPS and basic authentication

I am a C# developer working on an ASP.NET Core application for a customer.
I have developed a REST OData service (controller) in this application with basic authentication support,
and it is working fine in HTTP mode (used for development and testing purposes), from the browser (Firefox) and from PowerBI, both with authentication support.
However, whenever I try to use it with HTTPS, it works fine from the browser with authentication but there is a 404 error from PowerBI.
I have activated traces in diagnostics options and also made traces with Wireshark (attached).
Looking at the PowerBI traces (attached), I can see that there is a switch from https to http between the call Engine.IO.OData.GetResponseStream and Engine.IO.Data.Request in the MashupContainer container code (?!!!), hence the 404 error: there is no OData service on port 80 on my server, it is on 443 with TLS.
Wireshark also shows that packets are sent over HTTP with credentials in clear text.

Whatever I missed in the configuration, IMHO it looks like a bug, plus a serious concern for security: credentials should never be sent on the wire without encryption in case of end-user configuration error!

 

Best,

Alain
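
The Wireshark observation in the post above, as an added example that is not part of the original thread: a Python check that scans a reassembled plaintext HTTP stream for `Authorization: Basic` headers and reports which account was exposed, without logging the password. The sample host, path and credentials are constructed, the function name is hypothetical, and the parser assumes bodiless requests such as GETs.

```python
import base64
import binascii

# Constructed sample: two plaintext HTTP requests as they would appear in a
# reassembled TCP stream on port 80 (host, path and credentials are made up).
SAMPLE_STREAM = (
    b"GET /odata/$metadata HTTP/1.1\r\n"
    b"Host: reports.example.test\r\n"
    b"Authorization: Basic YWxpY2U6czNjcjN0\r\n"
    b"\r\n"
    b"GET /odata/Orders HTTP/1.1\r\n"
    b"Host: reports.example.test\r\n"
    b"Accept: application/json\r\n"
    b"\r\n"
)


def find_cleartext_basic_auth(stream: bytes) -> list[dict]:
    """Return one finding per request that carries Basic credentials."""
    findings = []
    # Assumption: requests have no bodies, so a blank line ends each request.
    for raw in stream.split(b"\r\n\r\n"):
        lines = raw.split(b"\r\n")
        if not lines or not lines[0].strip():
            continue
        request_line = lines[0].decode("latin-1")
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(b":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        scheme, _, token = headers.get(b"authorization", b"").partition(b" ")
        if scheme.lower() != b"basic":
            continue
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            continue  # malformed token: nothing recoverable to report
        user, _, password = decoded.partition(b":")
        findings.append({
            "request": request_line,
            "host": headers.get(b"host", b"").decode("latin-1"),
            "user": user.decode("utf-8", "replace"),
            # Never log the secret itself; its length is enough for triage.
            "password_length": len(password),
        })
    return findings
```

Any finding means the listed account's password crossed the network unencrypted and should be rotated.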

 

 


 

 

Status: Investigating

Hi @GrumpyCoder,

 

For further help with this, please consider submitting a Power BI Support ticket.

Link to Power BI Support: Support | Microsoft Power BI

For how to create a support ticket, please refer to How to create a support ticket in Power BI - Microsoft Power BI Community

 

Best Regards,

Community Support Team _ Caiyun

Comments
v-cazheng-msft
Community Support
Status changed to: Investigating

GrumpyCoder
Regular Visitor

Hi @v-cazheng-msft ,

 

Thank you for your answer,
I already posted here, and someone suggested that I file an issue here.

 

This is not really a "Power BI support" case; there is a great chance that it is a bug in the PowerBI Mashup container code, and in all cases a very serious security issue: even in case something is wrong in options or setup, PowerBI should *never* ever send credentials in clear (or maybe for development & testing purposes with a special option somewhere), and at least warn the user that his password is sent in clear.
The only thing I can say to my customer now is "do not use OData with Power BI or Excel"; I will find something else for my application (export CSV probably).

 

If the Mashup code were open source, I would have opened a GitHub issue, investigated it and eventually submitted a pull request (in case I could replay all unit tests).
Microsoft should consider open sourcing this part, that would be great... 🙂

 

If you know who is in charge of Mashup.Container, maybe you could point them to this issue (IMHO a killer issue for OData/PowerBI).


Best,

Alain