Proxmox API Console Wrapper with .NET & noVNC: WebSocket 401 Unauthorized Issu

[Mujtaba Hasan]

Hello,


I am creating a wrapper for the Proxmox API to use the VM console. My setup is as follows:

• Backend: .NET API hosted locally on the same server as Proxmox (not publicly accessible).
• Frontend: Angular application using the noVNC client to connect to the VM console.

Problem:

1. When I call the vncproxy API from my .NET backend, it times out after 10 seconds.
2. Within 10 seconds, I fetch the WebSocket URL (format: wss://...) and attempt to connect via noVNC.
3. The WebSocket connection fails with 401 Unauthorized.
4. Testing via Postman:
   
   • A POST request of vncproxy & Get request websocket returns the port successfully.
   • Changing the request to a WebSocket request with wss://... results in 401 Unauthorized.

Questions:

• How should I properly forward or handle Proxmox authentication tokens from my .NET API to the frontend for noVNC?
• Are there recommended ways to use a local-only .NET API as a proxy for WebSocket connections to Proxmox?
• Could the 10-second timeout be related to ticket expiration or the way WebSocket URLs are issued?

Any guidance or examples for integrating Proxmox console via noVNC through a local .NET API would be highly appreciated.


Thanks in advance!

 

[dcsapak]

currently, the websocket connection to the pve api also requires a valid user cookie to be set, and not a token (not sure how exactly you handle authentication in your client/proxy)
but this will change soon (since we also need token access for consoles on pdm) see https://lore.proxmox.com/pdm-devel/20251111082938.221008-1-f.gruenbichler@proxmox.com/ for details

 

[Mujtaba Hasan]

currently, the websocket connection to the pve api also requires a valid user cookie to be set, and not a token (not sure how exactly you handle authentication in your client/proxy)
but this will change soon (since we also need token access for consoles on pdm) see https://lore.proxmox.com/pdm-devel/20251111082938.221008-1-f.gruenbichler@proxmox.com/ for details

I’m already sending a valid cookie along with the WebSocket request. Here’s how I’m handling it in my .NET API:


// Get Proxmox WebSocket URL for the VM
var result = await _proxmoxService.GetConsoleUrlAsync(new ConsoleRequest
{
ConsoleType = "kvm",
VmId = vmid,
VmName = $"VM-{vmid}"
}) as ConsoleUrlResponse;

var proxmoxWebSocketUrl = result.WebSocketUrl;



if (HttpContext.WebSockets.IsWebSocketRequest)
{
using var clientWebSocket = await HttpContext.WebSockets.AcceptWebSocketAsync();

// Connect to Proxmox VNC WebSocket
var proxmoxWs = new ClientWebSocket();
proxmoxWs.Options.SetRequestHeader("Cookie",
$"PVEAuthCookie=result.VncTicket"); //vnc ticket from vncproxy i also use cookie which i send to get vnc ticket but still same

var client = new ClientWebSocket();
client.Options.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;

await client.ConnectAsync(new Uri(proxmoxWebSocketUrl), CancellationToken.None);
}

i generate link link of wss like this


// var consoleUrl = $"https://{proxmoxHost}?{queryString}";
// var websocketUrl = $"wss://{proxmoxHost}/api2/json/nodes/{_node}/qemu/{param.VmId}/vncwebsocket?port={vncResponse.Data.Port}&vncticket={HttpUtility.UrlEncode(vncTicket)}";

 

[dcsapak]

$"PVEAuthCookie=result.VncTicket"); //vnc ticket from vncproxy i also use cookie which i send to get vnc ticket but still same

the PVEAuthCookie has to be a regular pve ticket for users, not the vncticket.
the vncticket has to be a parameter to the vncwebsocket api call (AFAIR)

 

[Mujtaba Hasan]

the PVEAuthCookie has to be a regular pve ticket for users, not the vncticket.
the vncticket has to be a parameter to the vncwebsocket api call (AFAIR)

yes i tried both when passing cookie PVEAuthCookie=PVE:*****@pam:****8760::s e it working on postman with get request and return port, but i want wss link when i process same thing with websocket request so it return 401 i need wss link to show in my angular vnc client app