agoose
Reputation: 11
Make sure the value of Authorization header is formed correctly including the signature
When using the Azure Storage API to access file services, we are getting the following errors.
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:5a7f5ef2-a01a-0023-134e-436c77000000 Time:2021-05-07T14:36:32.7067133Z</Message>
<AuthenticationErrorDetail>Unversioned authenticated access is not allowed.</AuthenticationErrorDetail>
</Error>
We've followed the documentation and believe we have all the correct headers but obviously missing something.
Signature string we're encoding:
GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:Fri, 07 May 2021 15:29:49 GMT\nx-ms-version:2020-04-08\n/*our_azure_resource*\ncomp:metadata
Code using CryptoJS that we're using to do the encoding
let signature = CryptoJS.HmacSHA256(CryptoJS.enc.Utf8.parse(stringToSign).toString(), this.key)
.toString(CryptoJS.enc.Base64);
Value of Authorization header:
SharedKey storageaccountname:decodedstring
Upvotes: 1
Views: 2302
Answers (1)
Jim Xu
Reputation: 23111
According to my test, we need to use the following code to do sign with package crypto-js
const str = CryptoJS.HmacSHA256(
inputvalue,
CryptoJS.enc.Base64.parse(accountKey)
);
const sig = CryptoJS.enc.Base64.stringify(str);
For example
- install package
npm i crypto-js request xml2js
- Code(list containers)
var CryptoJS = require("crypto-js");
var request = require("request");
var parseString = require("xml2js").parseString;
const methodName = "GET";
const accountName = "andyprivate";
const accountKey =
"";
const date = new Date().toUTCString();
const version = "2020-04-08";
const inputvalue =
methodName +
"\n" /*VERB*/ +
"\n" /*Content-Encoding*/ +
"\n" /*Content-Language*/ +
"\n" /*Content-Length*/ +
"\n" /*Content-MD5*/ +
"\n" /*Content-Type*/ +
"\n" /*Date*/ +
"\n" /*If-Modified-Since*/ +
"\n" /*If-Match*/ +
"\n" /*If-None-Match*/ +
"\n" /*If-Unmodified-Since*/ +
"\n" /*Range*/ +
"x-ms-date:" +
date +
"\n" +
"x-ms-version:" +
version +
"\n" +
"/" +
accountName +
"/" +
"\ncomp:list";
console.log(inputvalue);
const str = CryptoJS.HmacSHA256(
inputvalue,
CryptoJS.enc.Base64.parse(accountKey)
);
const sig = CryptoJS.enc.Base64.stringify(str);
const options = {
method: "GET",
url: `https://${accountName}.blob.core.windows.net/?comp=list`,
headers: {
"x-ms-date": date,
"x-ms-version": version,
Authorization: "SharedKey " + accountName + ":" + sig,
},
};
request(options, function (error, response) {
if (error) throw new Error(error);
parseString(response.body, (error, result) => {
if (error) throw new Error(error);
const res = JSON.stringify(result);
console.log(res);
});
});
For more details, please refer to here.
Upvotes: 2
Related Questions
- AzureStorage Blob Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature
- Azure Server failed to authenticate the request. Make sure the value of the authorization header is formed correctly including the signature
- Unable to create Azure Storage Account
- Azure storage file "Authentication scheme Bearer is not supported." "AuthenticationFailed"
- Status 403: This request is not authorized to perform this operation using this permission
- Azure Stored access policy, Signature did not match
- Azure Storage Authentication failing - Audience validation failed. Audience did not match. [AZURE][OAuth]
- AzureStorage: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature
- Microsoft.WindowsAzure.Storage.StorageException: The remote server returned an error: (403)
- Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature