Reputation: 584
Azure Blob - 403 on upload - Sitecore CM / CD topology
I am trying to upload images from a Sitecore website, into an Azure Blob Storage, using the Azure.Storage.Blob library. In a single topology, on our test environment, it works without a problem, even on our local setups. On the other hand, in our staging environment (having a CM/CD topology), it throws a 403 status.
The storage account is public, we can do any operations into that storage account from local machines / test environment. Also, for the staging environment, we do have a front door set up in Azure, but even by deactivating that, still the same exception thrown.
Did anyone encounter this problem? Investigated for days but I am getting clueless. Thank you.
The exception is as follows:
Exception: Azure.RequestFailedException
Message: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:8e1769d5-e01e-001e-0499-ac8ce4000000
Time:2022-08-10T09:13:32.0353745Z
Status: 403 (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.)
ErrorCode: AuthenticationFailed
Additional Information:
AuthenticationErrorDetail: The MAC signature found in the HTTP request 'cJB+JGEEjhxJiYsAlcnlZOBw09rreVlAd5eJMis7vD0=' is not the same as any computed signature. Server used following string to sign: 'PUT
887486
application/octet-stream
x-ms-blob-type:BlockBlob
x-ms-client-request-id:5a970fad-c322-41dd-9c79-be7b52057fdd
x-ms-date:Wed, 10 Aug 2022 09:13:32 GMT
x-ms-request-id:|NoBMxLCuSY4=.5431b150_8.
x-ms-request-root-id:NoBMxLCuSY4=
x-ms-return-client-request-id:true
x-ms-version:2021-04-10
/[sa_name]/[container_name]/AdvertisementMedia/10c8df42-8803-4acb-38eb-08da7a1ea032/5viawtti.zki.png'```
Upvotes: 2
Views: 262
Answers (1)
Reputation: 1433
This error usually happens when the MAC signature is formed incorrectly or signed with an incorrect key. CM/CD topology of Sitecore application does not matter if you work directly with the Azure.Storage.Blob library.
However, if the same code and configuration works OK in other environments, try comparing HTTP headers to identify the difference between local and staging environments. Here are a couple of common reasons I saw in the past:
- The
x-ms-dateheader contains an incorrect date or the date is incorrect timezone. The date should be the current UTC datetime and not older than 15 minutes, otherwise Azure storage service will return the response code403 (Forbidden). If your staging server uses a time zone different from UTC, it can be the problem. - There is an extra header that is not included in the MAC signature. For example, I can see the header
x-ms-request-root-idin your exception which is automatically added to outgoing requests by Application Insights. If you have Application Insights in the staging environment with enabled dependency tracking, make sure that additional HTTP headers are disabled for the domaincore.windows.netinApplicationInsights.config:
<TelemetryModules>
<Add Type="Microsoft.ApplicationInsights.DependencyCollector.DependencyTrackingTelemetryModule, Microsoft.AI.DependencyCollector">
<ExcludeComponentCorrelationHttpHeadersOnDomains>
<Add>core.windows.net</Add>
</ExcludeComponentCorrelationHttpHeadersOnDomains>
</Add>
</TelemetryModules>
You can read more about signature strings here.
Upvotes: 2
Related Questions
- Azure Blob 400 Bad request on Creation of container
- azure blob returns 403 forbidden with correct access key
- Azure Storage - 403 Forbidden
- 403 error in production from WindowsAzure.Storage
- Azure Blob returning 403 on upload
- Azure storage emulator - blob creation gives 403 Forbidden message
- Azure Blob Storage 403 Authentication Failed
- 403 Error when testing azure Blob Storage upload
- Azure Blob Storage Upload Error: (403) Forbidden
- Unable to Upload File to Windows Azure Blob