Signature did not match. String to sign used was r

Question

Trying to Construct a Shared Access Signature URI for a Blob access in a container

BlobHelper BlobHelper = new BlobHelper(StorageAccount, StorageKey);

string signature = "";

string signedstart = DateTime.UtcNow.AddMinutes(-1).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");
string signedexpiry = DateTime.UtcNow.AddMinutes(2).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");

//// SET CONTAINER LEVEL ACCESS POLICY
string accessPolicyXml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
                    "<SignedIdentifiers>\n" +
                    "  <SignedIdentifier>\n" +
                    "    <Id>twominutepolicy</Id>\n" +
                    "    <AccessPolicy>\n" +
                    "      <Start>" + signedstart + "</Start>\n" +
                    "      <Expiry>" + signedexpiry + "</Expiry>\n" +
                    "      <Permission>r</Permission>\n" +
                    "    </AccessPolicy>\n" +
                    "  </SignedIdentifier>\n" +
                    "</SignedIdentifiers>\n";


BlobHelper.SetContainerAccessPolicy("xxxxxxx", "container", accessPolicyXml));

string canonicalizedresource = "/xxxxxxx/501362787";


string StringToSign = String.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}",
        "r",
        signedstart,
        signedexpiry,
        canonicalizedresource,
        "twominutepolicy",
        "2013-08-15",
        "rscc",
        "rscd",
        "rsce",
        "rscl", 
        "rsct"
        );




using (HMACSHA256 hmacSha256 = new HMACSHA256(Convert.FromBase64String(StorageKey)))
{
    Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
    signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
}

StringBuilder sasToken = new StringBuilder();

sasToken.Append(BlobHelper.DecodeFrom64(e.Item.ToolTip).ToString().Replace("http","https") + "?");

//signedversion
sasToken.Append("sv=2013-08-15&");

sasToken.Append("sr=b&");
//
sasToken.Append("si=twominutepolicy&");
sasToken.Append("sig=" + signature + "&");
//
sasToken.Append("st=" + HttpUtility.UrlEncode(signedstart).ToUpper() + "&");
//
sasToken.Append("se=" + HttpUtility.UrlEncode(signedexpiry).ToUpper() + "&");
//
sasToken.Append("sp=r");

string url = sasToken.ToString();

I am getting the following exception below

<Error>
    <Code>AuthenticationFailed</Code>
    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:e424e1ac-fd96-4557-866a-992fc8c41841 Time:2014-05-22T18:46:15.3436786Z</Message>
    <AuthenticationErrorDetail>Signature did not match. String to sign used was r 2014-05-22T18:45:06Z 2014-05-22T18:48:06Z /xxxxxxx/501362787/State.SearchResults.pdf twominutepolicy 2013-08-15 </AuthenticationErrorDetail>
</Error>

Answer 1

rscc, rscd, rsce, rscl, rsct are placeholders for overridden response headers. Your sasToken variable does not seem to override response headers, so you should just use empty strings with a new-line character when signing them. Moreover, it looks like your canonicalized resource also does not match the server's resource.

By the way, did you look at Azure Storage Client Library to create Shared Access Signature tokens? It provides lots of features and is the official SDK to access Microsoft Azure Storage.