Error accessing DataStream since Azure migration
We are currently unable to make DataStream calls on a server that has been migrated to an Azure VM. The error we receive is:
ThomsonReuters.DswsApi.DSException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
We have been using DataStream from our onprem servers without any issues but since migration have been encountering theese errors. How do we go about authorising calls from these servers?
Best Answer
-
Hi @mark.green01,
Can you confirm that your system is using TLS 1.2 as specified in this question? Also, can you please try to run the QuickStart code as provided in this sample.
This DSWS .NET tutorial can also help in troubleshooting.
0
Answers
-
when we talk about It looks like you're encountering a 403 Forbidden error after migrating your DataStream integration to an Azure VM. This error typically indicates an issue with authentication or authorization.
The error message suggests that the client is attempting to authenticate using the Anonymous authentication scheme, which is likely being rejected by the DataStream API.
Since the migration to Azure, there may be new network rules or restrictions in place (e.g., IP whitelisting) that could be blocking your requests.
Azure Virtual Machines may have different outbound network settings or security policies compared to your on-premises servers.
Ensure that your API client (the code making the call to DataStream) is using the correct authentication scheme. The error suggests it's trying to use Anonymous authentication, which may not be allowed.
Check if your DataStream API calls require specific authentication, such as OAuth or API keys. Ensure that any credentials, tokens, or certificates required are properly configured in your Azure environment.
DataStream services might have IP whitelisting or specific network restrictions that allowed your on-premises server to connect, but not your Azure VM.
Check with Thomson Reuters if there are any specific IP ranges that need to be whitelisted for Azure. You may need to provide the outbound IP address of your Azure VM (which can be found in the Azure Portal under your VM’s Networking section).
If necessary, configure static public IP addresses for your Azure VM or subnet.
If you’re unsure how to handle complex network configurations or security settings, it may be beneficial to work with an Azure migration consultant. They can assist with configuring secure environments, ensuring proper network routing, and optimizing the migration to Azure.
A consultant can also help evaluate your Azure Network Security Groups (NSGs), VPNs, and firewall rules to ensure that your Azure VM is properly connected to external services like DataStream.
Ensure that outbound traffic from your Azure VM is not blocked by any Network Security Groups (NSGs) or firewall rules. Review your NSG rules to make sure port 80 (HTTP) and 443 (HTTPS) traffic is allowed.
If using a Virtual Network with a firewall or VPN, verify that the necessary routes and rules are in place to allow external traffic to DataStream.
Verify that the DataStream endpoint URL you are calling has not changed or requires a different setup in Azure. It may be possible that certain regions or environments require a different endpoint for Azure VMs.
Enable logging for the service making the DataStream API calls to capture more detailed information. This may help identify whether the issue is related to authentication tokens, incorrect headers, or network failures.
Ensure that the Azure VM is configured to use the appropriate TLS/SSL version required by DataStream. Some APIs reject connections over outdated TLS versions, so check if DataStream requires TLS 1.2 or 1.3 and ensure that the server supports it.
If you are using WCF or a custom HTTP client to call DataStream, ensure that the proper credentials are passed with the request. Here's a basic example using HttpClient with authentication:
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", "your_access_token");
HttpResponseMessage response = await client.GetAsync("https://datastream.api.endpoint");
Replace
"Bearer"
and"your_access_token"
with the correct authentication method required by DataStream.0
Categories
- All Categories
- 6 AHS
- 37 Alpha
- 161 App Studio
- 4 Block Chain
- 4 Bot Platform
- 16 Connected Risk APIs
- 47 Data Fusion
- 30 Data Model Discovery
- 608 Datastream
- 1.3K DSS
- 577 Eikon COM
- 4.9K Eikon Data APIs
- 7 Electronic Trading
- Generic FIX
- 7 Local Bank Node API
- Trading API
- 2.7K Elektron
- 1.3K EMA
- 236 ETA
- 519 WebSocket API
- 33 FX Venues
- 10 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 20 Messenger Bot
- 2 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 59 Open Calais
- 264 Open PermID
- 39 Entity Search
- 2 Org ID
- PAM
- PAM - Logging
- 8.4K Private Comments
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 20 RDMS
- 1.4K Refinitiv Data Platform
- 367 Refinitiv Data Platform Libraries
- 3 Refinitiv Due Diligence
- LSEG Due Diligence Portal API
- 3 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.1K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 10 World-Check Customer Risk Screener
- 990 World-Check One
- 44 World-Check One Zero Footprint
- 45 Side by Side Integration API
- Test Space
- 3 Thomson One Smart
- 1.2K TR Internal
- Global Hackathon 2015
- 2 Specialists Who Code
- 10 TR Knowledge Graph
- 150 Transactions
- 142 REDI API
- 1.7K TREP APIs
- 4 CAT
- 21 DACS Station
- 117 Open DACS
- 1.1K RFA
- 103 UPA
- 172 TREP Infrastructure
- 224 TRKD
- 886 TRTH
- 5 Velocity Analytics
- 5 Wealth Management Web Services
- 59 Workspace SDK
- 9 Element Framework
- 5 Grid
- 13 World-Check Data File
- Yield Book Analytics
- 46 中文论坛