Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Account creation fails behind proxy server #25746

Closed
gnugnug opened this issue Jul 15, 2024 · 5 comments
Closed

Account creation fails behind proxy server #25746

gnugnug opened this issue Jul 15, 2024 · 5 comments
Assignees
@lewis-sanchez

Comments

@gnugnug
Copy link

gnugnug commented Jul 15, 2024

  • Azure Data Studio Version: Latest stable 1.48.1
  • OS Version: All Windows versions

Steps to Reproduce:

  1. Install Azure Data Studio (ADS) on a computer which accesses the internet through an explicit proxy server. For simplicitys sake we use a proxy without any authentication or TLS interception.
  2. Set the enrivonment variables HTTP_PROXY=http://<proxyserver&gt>:<proxyport&gt> und HTTPS_PROXY=http://<proxyserver&gt>:<proxyport&gt> in the Windows system properties
  3. Open ADS
  4. Start Wireshark or another packet capture program and let it capture all connections to the proxy server
  5. Click "Add an account" to create an Azure account in ADS
  6. The local service providers website on http://127.0.0.1 will be opened in your webbrowser, which redirects you to your IDP, which redirects you back to http://127.0.0.1. Then a GET request will be made to https://management.azure.com/tenants?api-version=2019-11-01 and the proxy server will respond to it with an error (Bad request, Bad wateway).

Cause:

When looking at the connections in Wireshark you can see the following request to the proxy server:
GET https://management.azure.com/tenants?api-version=2019-11-01 HTTP/1.1
This is a violation of the HTTP specification in RFC 7230: To fetch an object via HTTPS through an HTTP proxy, the CONNECT method must be used. The correct syntax is:

CONNECT management.azure.com:443 HTTP/1.1
<Establish a TLS connection...>
<Then the HTTP request is sent within the encrypted tunnel...>

There are countless bug reports in the issue tracker of Axios (eg axios/axios#4531) about this behavior.

Possible workarounds:

Delete the https_proxy and HTTPS_PROXY environment variables and keep only http_proxy OR HTTP_PROXY. Then Axios (at least in the currently used version 1.6.2) will create correct HTTPS proxy requests.
If you need the environment variables for other applications under the same user account, you can dynamically remove them before starting ADS in a batch file:

set https_proxy=
"C:\Program Files\Azure Data Studio\azuredatastudio.exe"

Possible solutions:

  1. Do not use Axios.
  2. Pass another proxy agent into Axios instead of using the built-in agent.
  3. Dynamically unset https_proxy and HTTPS_PROXY environment variables before calling Axios.
@andrewholler
Copy link

andrewholler commented Dec 20, 2024
edited
Loading

This is still a relevant issue for me as well

172.27.177.138 user1 - invalid_request DENIED "Technology/Internet" - 400 TCP_NC_MISS GET - https management.azure.com 443 /tenants ?api-version=2019-11-01 - "axios/1.6.2" xxx.xxx.xxx.xxx 1194 7683 - "none" "none" 4.150.241.10 2

@andrewholler
Copy link

Will this also be addressed by #26137 @lewis-sanchez?

@lewis-sanchez
Copy link
Contributor

@andrewholler, it should be addressed by #26137

@andrewholler
Copy link

andrewholler commented Jan 29, 2025
edited
Loading

This succeeds with release 1.51.0! Thank you!

@lewis-sanchez lewis-sanchez self-assigned this Jan 30, 2025
@lewis-sanchez
Copy link
Contributor

Hi @gnugnug, this should be in fixed in the Azure Data Studio version 1.51.0. The PR with the fix: #26137

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lewis-sanchez lewis-sanchez

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andrewholler @gnugnug @lewis-sanchez