Error accessing DataStream since Azure migration

We are currently unable to make DataStream calls on a server that has been migrated to an Azure VM. The error we receive is:

ThomsonReuters.DswsApi.DSException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.

We have been using DataStream from our on-prem servers without any issues, but since migration we have been encountering these errors. How do we go about authorising calls from these servers?

Best Answer

  • Gurpreet
    Answer ✓

    Hi @mark.green01,

    Can you confirm that your system is using TLS 1.2 as specified in this question? Also, can you please try to run the QuickStart code as provided in this sample.

    This DSWS .NET tutorial can also help in troubleshooting.

Answers

  • It looks like you're encountering a 403 Forbidden error after migrating your DataStream integration to an Azure VM. This error typically indicates an issue with authentication or authorization.

    The error message suggests that the client is attempting to authenticate using the Anonymous authentication scheme, which is likely being rejected by the DataStream API.

    Since the migration to Azure, there may be new network rules or restrictions in place (e.g., IP whitelisting) that could be blocking your requests.

    Azure Virtual Machines may have different outbound network settings or security policies compared to your on-premises servers.

    Ensure that your API client (the code making the call to DataStream) is using the correct authentication scheme. The error suggests it's trying to use Anonymous authentication, which may not be allowed.

    Check if your DataStream API calls require specific authentication, such as OAuth or API keys. Ensure that any credentials, tokens, or certificates required are properly configured in your Azure environment.

    DataStream services might have IP whitelisting or specific network restrictions that allowed your on-premises server to connect, but not your Azure VM.

    Check with Thomson Reuters if there are any specific IP ranges that need to be whitelisted for Azure. You may need to provide the outbound IP address of your Azure VM (which can be found in the Azure Portal under your VM’s Networking section).

    If necessary, configure static public IP addresses for your Azure VM or subnet.

    If you’re unsure how to handle complex network configurations or security settings, it may be beneficial to work with an Azure migration consultant. They can assist with configuring secure environments, ensuring proper network routing, and optimizing the migration to Azure.

    A consultant can also help evaluate your Azure Network Security Groups (NSGs), VPNs, and firewall rules to ensure that your Azure VM is properly connected to external services like DataStream.

    Ensure that outbound traffic from your Azure VM is not blocked by any Network Security Groups (NSGs) or firewall rules. Review your NSG rules to make sure port 80 (HTTP) and 443 (HTTPS) traffic is allowed.

    If using a Virtual Network with a firewall or VPN, verify that the necessary routes and rules are in place to allow external traffic to DataStream.

    Verify that the DataStream endpoint URL you are calling has not changed or requires a different setup in Azure. It may be possible that certain regions or environments require a different endpoint for Azure VMs.

    Enable logging for the service making the DataStream API calls to capture more detailed information. This may help identify whether the issue is related to authentication tokens, incorrect headers, or network failures.

    Ensure that the Azure VM is configured to use the appropriate TLS/SSL version required by DataStream. Some APIs reject connections over outdated TLS versions, so check if DataStream requires TLS 1.2 or 1.3 and ensure that the server supports it.

    If you are using WCF or a custom HTTP client to call DataStream, ensure that the proper credentials are passed with the request. Here's a basic example using HttpClient with authentication:

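    using System.Net.Http;
    using System.Net.Http.Headers;

    // Send the credential in the Authorization header of every request.
    HttpClient client = new HttpClient();
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", "your_access_token");
    HttpResponseMessage response = await client.GetAsync("https://datastream.api.endpoint");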

    Replace "Bearer" and "your_access_token" with the correct authentication method required by DataStream.
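
The TLS 1.2 check raised in the answers can be run directly on the migrated VM. The console program below is an added example, not code from this thread or from the DSWS SDK. It prints the protocol set that WCF/HttpWebRequest clients in the process will offer, then attempts a TLS 1.2-only handshake. The host name is a placeholder assumption, and a .NET Framework client is assumed from the System.ServiceModel frames in the error.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class Tls12Check
{
    // Attempts a handshake offering TLS 1.2 only and returns the negotiated protocol.
    // Throws if the connection, the handshake or certificate validation fails.
    static SslProtocols Probe(string host, int port)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false))
        {
            // Last argument false: revocation lookups are skipped, so the result
            // reflects protocol support and chain validity only.
            ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, false);
            return ssl.SslProtocol;
        }
    }

    static int Main(string[] args)
    {
        // Placeholder host (assumption): pass the real DataStream endpoint host as the first argument.
        string host = args.Length > 0 ? args[0] : "datastream.endpoint.example";

        // Protocols that HttpWebRequest-based clients (including WCF) in this process offer by default.
        Console.WriteLine("ServicePointManager.SecurityProtocol = " + ServicePointManager.SecurityProtocol);
        try
        {
            Console.WriteLine("TLS 1.2 handshake OK, negotiated: " + Probe(host, 443));
            return 0;
        }
        catch (SocketException ex)
        {
            // TCP never connected: look at NSG, firewall or routing rules before TLS settings.
            Console.WriteLine("TCP connect failed: " + ex.SocketErrorCode);
            return 3;
        }
        catch (Exception ex) when (ex is AuthenticationException || ex is IOException)
        {
            // Handshake was rejected or dropped: TLS 1.2 is disabled locally or intercepted in transit.
            Console.WriteLine("TLS 1.2 handshake failed: " + ex.Message);
            return 2;
        }
    }
}
```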