I'm trying to build a C# application that adds a user automatically to DUO.

The documentation is not clear on how to do this online.

Here is the code I'm using:

            var client = new HttpClient();
            var Request = new HttpRequestMessage(HttpMethod.Post, "https://api-2cf9xxxx.duosecurity.com/admin/v1/users");

            Request.Content = new StringContent(string.Empty, Encoding.Unicode, "application/x-www-form-urlencoded");
            Request.Headers.Add("X-Duo-Date", DuoDate);
            Request.Headers.Add("Authorization","Basic " + val);

            Request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {{"username:",ADAccountNameStr}});

            Request.Headers.Add("Host", DuoHostname);

            var response = await client.SendAsync(Request,HttpCompletionOption.ResponseHeadersRead);
                        
            var responseContent = await response.Content.ReadAsStringAsync();

These are the request and the response headers:

    Tue, 22 Nov 2022 15:19:41 +0000
    POST
    api-2cxxxxx.duosecurity.com
    /admin/v1/users
    username:jdoe
    Method: POST, RequestUri: 'https://api-2cfxxxxx.duosecurity.com/admin/v1/users', Version: 1.1, Content: System.Net.Http.FormUrlEncodedContent, Headers:
    {
      X-Duo-Date: Tue, 22 Nov 2022 15:19:41 +0000
      Authorization: Basic RElHVEsxWTBFOERENjdJU0NVNTY6MmM0NWU4MDBhNzkyOGE3YmY5NjBlNDI0MDI3NDZjYzY1Y2MzYzhkYQ==
      Host: api-2cfxxxxxx.duosecurity.com
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 16
    }
    StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    {
      Connection: keep-alive
      Date: Tue, 22 Nov 2022 15:19:41 GMT
      Server: Duo/1.0
      Content-Length: 86
      Content-Type: application/json
    }

And the error that I'm getting is:

"code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL"

Can anyone see where I'm going wrong? The only thing that seems incorrect is the content length.

Foadi
  • Duo documentation is pretty clear on how to construct their Authentication header - https://duo.com/docs/adminapi#authentication. What are you using as your `val`? – Nikita Chayka Nov 22 '22 at 16:01
  • Check the response, val is equal to what is after Authorization: Basic * – Foadi Nov 22 '22 at 23:07
  • I see that. I mean, how exactly do you calculate that value? You are not showing the most important part of your code – Nikita Chayka Nov 23 '22 at 09:30
  • `System.Text.UTF8Encoding myEncoder = new System.Text.UTF8Encoding(); byte[] Key = myEncoder.GetBytes(secret_key); byte[] Text = myEncoder.GetBytes(APIRequest); System.Security.Cryptography.HMACSHA1 myHMACSHA1 = new` – Foadi Nov 23 '22 at 09:50
  • `System.Security.Cryptography.HMACSHA1(Key); byte[] HashCode = myHMACSHA1.ComputeHash(Text); string hash = BitConverter.ToString(HashCode).Replace("-", ""); string hash1 = hash.ToLower(); string hmac = client_key + ":" + hash1; var plainTextBytes = System.Text.Encoding.ASCII.GetBytes(hmac); string val = System.Convert.ToBase64String(plainTextBytes);` – Foadi Nov 23 '22 at 09:50
  • Why are you doing Replace in hash, and also hash.ToLower()? Verify that you are correctly getting info from APIRequest according to the instructions. What I would do: in the DUO documentation they provide a concrete example of how the Auth header should look with a specific request and keys (at the bottom of the DUO Auth section), so if you could run the algorithm using that example and compare the resulting Auth header, that would give you an idea – Nikita Chayka Nov 23 '22 at 10:38
  • The conversion to HMAC changes the hash key to uppercase. Furthermore, using my code and an online HMAC tool, the HMAC is different to what is in their example. Not everyone is a code guru and will understand what to do by looking at an image they have provided; they just give you an image of how it should be, and not how it was done. So in my eyes that is not helpful. If you have an example of code that works then please share; if you do not, then please do not forward me to read articles that I have read a million times. Thanks – Foadi Nov 23 '22 at 12:32
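
An added example (not the poster's code or Duo's client library) of the signing scheme discussed in the comments: the canonical string is built from the same form dictionary that becomes the body, so the signed `username=jdoe` line and the sent body always agree, unlike the dump in the question, where `username:jdoe` was signed but the 16-byte body was `username%3A=jdoe`. It assumes .NET 5 or later (for `Convert.ToHexString`) and uses placeholder keys and host; the class and method names are hypothetical.

```csharp
// Added example (not the poster's or Duo's code); keys and host are constructed placeholders.
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;

static class DuoSigner
{
    // Parameters for the signature: RFC 3986 escaping, sorted by key, key=value joined with '&'.
    public static string CanonParams(IDictionary<string, string> p) =>
        string.Join("&", p.OrderBy(kv => kv.Key, StringComparer.Ordinal)
            .Select(kv => Uri.EscapeDataString(kv.Key) + "=" + Uri.EscapeDataString(kv.Value)));

    // The five signed lines, in the order the question's dump shows them.
    public static string Canonicalize(string date, string method, string host,
                                      string path, IDictionary<string, string> p) =>
        string.Join("\n", date, method.ToUpperInvariant(), host.ToLowerInvariant(), path, CanonParams(p));

    // HMAC-SHA1 keyed with the secret key, lowercase hex, then Basic ikey:signature.
    public static string BasicAuth(string ikey, string skey, string canon)
    {
        using var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(skey));
        string sig = Convert.ToHexString(hmac.ComputeHash(Encoding.UTF8.GetBytes(canon))).ToLowerInvariant();
        return "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(ikey + ":" + sig));
    }

    public static HttpRequestMessage Build(string ikey, string skey, string host, string path,
                                           string date, IDictionary<string, string> form)
    {
        // One dictionary feeds both the body and the signature, so they cannot drift apart.
        var req = new HttpRequestMessage(HttpMethod.Post, "https://" + host + path)
        { Content = new FormUrlEncodedContent(form) };
        req.Headers.Add("X-Duo-Date", date);   // must be the exact string that was signed
        req.Headers.Add("Authorization", BasicAuth(ikey, skey, Canonicalize(date, "POST", host, path, form)));
        return req;
    }

    static void Main()
    {
        var form = new Dictionary<string, string> { ["username"] = "jdoe" };  // key is "username", no colon
        string host = "api-XXXXXXXX.duosecurity.com";                         // placeholder host
        string date = DateTime.UtcNow.ToString("ddd, dd MMM yyyy HH:mm:ss +0000", CultureInfo.InvariantCulture);
        Console.WriteLine(Canonicalize(date, "POST", host, "/admin/v1/users", form));
        using var req = Build("IKEY_PLACEHOLDER", "SKEY_PLACEHOLDER", host, "/admin/v1/users", date, form);
        Console.WriteLine(req.Headers.GetValues("Authorization").First());
    }
}
```

Printing the canonical string before sending makes a mismatch visible: its last line should be the same `key=value` pairs the server will parse from the body.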

0 Answers