CODEWITHSUNDEEP
azurepowershellazureservicebussas-token
nobody
nobody

Reputation: 11080

Azure Service Bus Send Message - Invalid authorization token signature

I have the below powershell code to send a message to Azure Service Bus Queue.

param
(
    [Parameter(Mandatory = $true)][string] $ResourceGroupName,
    [Parameter(Mandatory = $true)][string] $NamespaceName,
    [Parameter(Mandatory = $true)][string] $QueueName,
    [Parameter(Mandatory = $false)][string] $PolicyName = 'SASPolicy'
)      
$test_msg = [PSCustomObject] @{ "test" = "This is a test message" } | ConvertTo-Json -Compress
$authorizationId = (Get-AzServiceBusAuthorizationRule -ResourceGroupName $ResourceGroupName -NamespaceName $NamespaceName -QueueName $QueueName).Id
$token = (New-AzServiceBusAuthorizationRuleSASToken -AuthorizationRuleId $authorizationId  -KeyType PrimaryKey -ExpiryTime Get-Date.AddHours(1.0)).SharedAccessSignature 

$auth_headers = @{ "Authorization" = "SharedAccessSignature $token"; "Content-Type" = "application/json" }
$uri = "https://$NamespaceName.servicebus.windows.net/$QueueName/messages"
$http_statuscode = Invoke-WebRequest -Uri $uri -Headers $auth_headers -Method Post -Body $test_msg
Write-Host "Message sent successfully: $http_statuscode.StatusCode"

I am getting the below error for on the invoke-webrequest

Response status code does not indicate success: 401 (SubCode=40103: | Invalid authorization token signature).

Upvotes: 0

Views: 994

Answers (2)

nobody
nobody

Reputation: 11080

I had the wrong Policy Name i.e. PrimaryKey should be replaced by the 'SASPolicy' which is the name of the SAS policy defined on the bus.

$token = (New-AzServiceBusAuthorizationRuleSASToken -AuthorizationRuleId $authorizationId  -KeyType PrimaryKey -ExpiryTime Get-Date.AddHours(1.0)).SharedAccessSignature

To

$token = (New-AzServiceBusAuthorizationRuleSASToken -AuthorizationRuleId $authorizationId  -KeyType SASPolicy -ExpiryTime (Get-Date).AddHours(1.0)).SharedAccessSignature

Upvotes: 0

Venkatesan
Venkatesan

Reputation: 10370

I tried in my environment and got the below results:

Initially, I got the same error when I tried with your code:

enter image description here

The above error occurs when you pass the wrong SAS token in the authorization header.

You can follow this MS-DOCS and use the below PowerShell code to send a message to Azure Service Bus Queue.

Code:

$QueueName='yourqueuename'
$NamespaceName='Yournamespacename'
$Access_Policy_Name="your-access policyname"
$Access_Policy_Key="your-access-policy key"

$test_msg = [PSCustomObject] @{ "test" = "This is a test message" } | ConvertTo-Json -Compress 

$uri = "https://$NamespaceName.servicebus.windows.net/$QueueName"   
$Expires=([DateTimeOffset]::Now.ToUnixTimeSeconds())+300
$SignatureString=[System.Web.HttpUtility]::UrlEncode($URI)+ "`n" + [string]$Expires
$HMAC = New-Object System.Security.Cryptography.HMACSHA256
$HMAC.key = [Text.Encoding]::ASCII.GetBytes($Access_Policy_Key)
$Signature = $HMAC.ComputeHash([Text.Encoding]::ASCII.GetBytes($SignatureString))
$Signature = [Convert]::ToBase64String($Signature)
$SASToken = "SharedAccessSignature sr=" + [System.Web.HttpUtility]::UrlEncode($URI) + "&sig=" + [System.Web.HttpUtility]::UrlEncode($Signature) + "&se=" + $Expires + "&skn=" + $Access_Policy_Name


$auth_headers = @{ "Authorization" = "$SASToken"; "Content-Type" = "application/json ";}
$uri = "https://$NamespaceName.servicebus.windows.net/$QueueName/messages"
$http_statuscode = Invoke-WebRequest -Uri $uri -Headers $auth_headers -Method Post -Body $test_msg
Write-Host "Message sent successfully"

Output:

Message sent successfully

enter image description here

Portal:

enter image description here

Reference:

Azure Service Bus access control with Shared Access Signatures - Azure Service Bus | Microsoft Learn

Upvotes: 3

Related Questions