How to authenticate REST API blob storage operations to use azurite

Question

I am launching azurite from the command line as outlined in the docs and that is working fine. https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azurite?tabs=visual-studio%2Cblob-storage#running-azurite-from-the-command-line

I am trying to preform GET and PUT blob storage operation from postman but I am unable to figure out how to authorize my requests.

I DO NOT want to use SAS. How do I populate the "Authorization" header with a valid value?

https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key#specifying-the-authorization-header

Authorization="[SharedKey|SharedKeyLite] <AccountName>:<Signature>"  

where SharedKey or SharedKeyLite is the name of the authorization scheme, AccountName is the name of the account requesting the resource, and Signature is a Hash-based Message Authentication Code (HMAC) constructed from the request and computed by using the SHA256 algorithm, and then encoded by using Base64 encoding.

for azurite the storage account and key is well documents but how to I use it to create this header

Answer 1

How to authenticate REST API blob storage operations to use azurite

I followed this MS-Document,

I started my azurite with below command:

PS C:\Users\azurite> azurite start
Azurite Blob service is starting at http://127.0.0.1:10000
Azurite Blob service is successfully listening at http://127.0.0.1:10000
Azurite Queue service is starting at http://127.0.0.1:10001
Azurite Queue service is successfully listening at http://127.0.0.1:10001
Azurite Table service is starting at http://127.0.0.1:10002
Azurite Table service is successfully listening at http://127.0.0.1:10002

Now, you can use the below code to create sharedkey with date and api version using Python code.

Code:

import hmac
import hashlib
import base64
from datetime import datetime

def main():
    authorization, date, api_version = blobs()

    print(f"Authorization: {authorization}")
    print(f"Date: {date}")
    print(f"API Version: {api_version}")
    input("Press any key to exit...")


def blobs():
    account = "devstoreaccount1"
    key = "xxxx"  # Replace with your access key
    container = "xxx" # Replace with your container name
    blob = "xxx" # Replace with your blob name
    api_version = "2021-06-08"

    dt = datetime.utcnow()
    date_str = dt.strftime('%a, %d %b %Y %H:%M:%S GMT')

    string_to_sign = (f"GET\n"  # HTTP method
                     f"\n"  # Content-Encoding
                     f"\n"  # Content-Language
                     f"\n"  # Content-Length
                     f"\n"  # Content-MD5
                     f"\n"  # Content-Type
                     f"\n"  # Date
                     f"\n"  # If-Modified-Since
                     f"\n"  # If-Match
                     f"\n"  # If-None-Match
                     f"\n"  # If-Unmodified-Since
                     f"\n"  # Range
                     f"x-ms-date:{date_str}\n"
                     f"x-ms-version:{api_version}\n"
                     f"/{account}/{account}/{container}/{blob}")

    signature = sign_this(string_to_sign, key)

    # Updated Authorization format
    authorization = f"SharedKey {account}:{signature}"

    return authorization, date_str, api_version


def sign_this(string_to_sign, key):
    decoded_key = base64.b64decode(key)
    string_to_sign = string_to_sign.encode('utf-8')

    hmac_sha256 = hmac.new(decoded_key, string_to_sign, hashlib.sha256)
    signature = base64.b64encode(hmac_sha256.digest()).decode('utf-8')

    return signature


if __name__ == "__main__":
    main()

Output:

Authorization: SharedKey devstoreaccount1:vJp+QagiA/xxxxxxx/Dq49IDmoW76E=
Date: Fri, 25 Oct 2024 05:00:32 GMT
API Version: 2021-06-08

Now, for testing I'm using GET request to get the blob content.

Request:

http://127.0.0.1:10000/devstoreaccount1/<container name>/<blob name>
Headers: 
x-ms-version : 2021-06-08
x-ms-date: Fri, 25 Oct 2024 05:00:32 GMT
Authorization:SharedKey devstoreaccount1:vJp+QagiA/xxxxxxx/Dq49IDmoW76E=

Output: