CODEWITHSUNDEEP
javascriptazureazure-table-storage
LetsPlayYahtzee
LetsPlayYahtzee

Reputation: 7581

Azure Table Storage Authenticate REST call through javascript

I am trying to make a REST call to my Azure Table using javascript but I find it hard to authenticate the call.

I am using that piece of javascript (I know the date has to be maximum 15 min old, and I don't plan on using the actual key in the javascript!)

$(document).ready(function(){
    $("button").click(function(){
        var dateTimeInUtc = 'Fri, 12 Feb 2016 12:14:00 GMT';
        var version = '2015-04-05';
        var key = 'JEwMjqFD1ng8vIaECmRw8eQysiIvH08nF/jPKPYaNGumgxtKIjltX8bte5sKN6SNyw09s=='; // not an actuall key
        var stringToSign = 'GET\n\n\nFri, 12 Feb 2016 12:14:00 GMT\n/myaccount/mytable(PartitionKey=\'first_partition\', RowKey=\'1235\')';
        var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(CryptoJS.enc.Utf8.parse(stringToSign), CryptoJS.enc.Base64.parse(key)));
        $.ajax({
            url:'https://myaccount.table.core.windows.net/mytable(PartitionKey=\'first_partition\', RowKey=\'1235\')',
            type: 'GET',
            success: function (data) {
                console.log('well done');
            },
            beforeSend: function (xhr) {
                xhr.setRequestHeader('Authorization', "SharedKey " + "myaccount" + ":" + signature);
                xhr.setRequestHeader('x-ms-date', dateTimeInUtc);
                xhr.setRequestHeader('x-ms-version', version);
            },
            error: function (rcvData) {
                console.log(rcvData);
            }
        });
    });
});

what I get 

403 (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.)

Do you see anything obviously wrong? Do I miss something from the signature?

Upvotes: 1

Views: 427

Answers (2)

Michael Roberson - MSFT
Michael Roberson - MSFT

Reputation: 1621

The string-to-sign that you construct must be the exact URL transmitted over the wire, including percent encoding characters not allowed in a URL. In this case, the space character in the URL will be percent encoded over the wire, so it must be percent encoded in the string-to-sign.

From the MSDN page:

Any portion of the CanonicalizedResource string that is derived from the resource's URI should be encoded exactly as it is in the URI.

Upvotes: 1

Gaurav Mantri
Gaurav Mantri

Reputation: 136216

Based on the documentation for creating authorization header, to create the string to sign:

  1. Beginning with an empty string (""), append a forward slash (/), followed by the name of the account that owns the resource being accessed.
  2. Append the resource's encoded URI path, without any query parameters.
  3. Append a new-line character (\n) after the resource name.

However in your code, you're not including (PartitionKey=\'first_partition\', RowKey=\'1235\') there which should be included.

Can you try something like the following:

var stringToSign = 'GET\n\n\nFri, 12 Feb 2016 12:14:00 GMT\n/htirawdata/htirawdata(PartitionKey=\'first_partition\', RowKey=\'1235\')';

Upvotes: 0

Related Questions