Reputation: 3048
Azure Blob how to properly create and consume a SAS token
Before I begin, allow me to say that I have scoured MSFTs docs, everything seems to imply that I need to manually handroll the GET request? Which seems wrong, given that the SDK handles that for us.
What I am experiencing from my Xamarin app is the following 403 error when I try to run my code to get a list of blobs.
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.</Message></Error>
The way my workflow goes is as follows:
App Makes request to API to get Azure SAS token
API Responds using the following code to return the SAS token (blobServiceClient is defined using the default emulator storage connection string):
try { var client = blobServiceClient.GetBlobContainerClient(request.VenueId); var permissions = BlobContainerSasPermissions.Read | BlobContainerSasPermissions.List; var sas = client.GenerateSasUri(permissions, DateTimeOffset.Now.AddHours(1));
var containerUri = ""; #if DEBUG var temp = sas.AbsoluteUri; var replaced = temp.Replace("http://127.0.0.1:10000/", "http://myngrokproxy.ngrok.io/"); containerUri = replaced; #else containerUri = sas.AbsoluteUri; #endif //var sas = containerUri + container.GetSharedAccessSignature(accessPolicy); return new AzureSASResponse { SAS = containerUri }; } catch (Exception e) { return null; }
As you can see, the replace is there since localhost URL is meaningless for the emulator.
App side I try to consume it as follows:
try { var uri = new Uri(SAS); var containerClient = new BlobContainerClient(uri); var blobs = containerClient.GetBlobs().AsPages(); foreach(var blob in blobs) { Console.WriteLine(blob); } } catch (Exception e) { Console.WriteLine(e); }
My resulting SAS token looks like so: "http://myngrokproxy.ngrok.io/devstoreaccount1/8dc9e4831d634629b386680ad7c9a324?sv=2020-08-04&se=2021-10-21T21%3A43%3A16Z&sr=c&sp=rl&sig=oncjUlSLMsOS3WbxUWqjXDp28WACYxxVqUElrK%2BYNlY%3D"
How can I go about A) setting the auth header on it, even the GET request that fails is the .GetBlobs method in the Xamarin app?
Upvotes: 0
Views: 1679
Answers (1)
Reputation: 3048
After much trial and error my ways to fix it were as follows:
Use latest version of azurite from Microsoft, I used the original old one (Arafuto/azurite)
change code to look as follows;
var sasBuilder = new BlobSasBuilder() { BlobContainerName = containerClient.Name, Resource = "c", StartsOn = DateTimeOffset.UtcNow.AddMinutes(-15), ExpiresOn = DateTimeOffset.UtcNow.AddDays(7) }; sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.List); var client = blobServiceClient.GetBlobContainerClient(request.VenueId); var permissions = BlobContainerSasPermissions.Read | BlobContainerSasPermissions.List; var sas = client.GenerateSasUri(sasBuilder); var containerUri = ""; #if DEBUG var temp = sas.AbsoluteUri; var replaced = temp.Replace("http://127.0.0.1:10000/", "http://myngrokproxy.ngrok.io/"); containerUri = replaced; #else containerUri = sas.AbsoluteUri; #endif return new AzureSASResponse { SAS = containerUri };
The inspiration for the BlobSasBuilder came from this document: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-dotnet#get-a-user-delegation-sas-for-a-container
Upvotes: 0
Related Questions
- Getting Error while Creating SAS Token for Azure Storage Blob with MSI
- How to use SAS Token to connect to Azure BlobStorage from C#?
- Using Azure.Storage.Blobs to generate SAS expiring tokens with .NET Core 3.1
- Connect and update Azure Blob with Blob-specific SAS Token
- CloudStorageAccount with StorageCredentials of SAS token
- Azure Blob Storage SAS Token not formed properly .NET
- Azure Blob Storage with SAS Token
- Why can't my app access by blob storage using this SAS token?
- Azure SAS Token not working with Azure.Storage.Blobs BlobServiceClient
- Azure Blob Storage Sas Error: AuthenticationFailed