Search code examples
c#azcopy

AzCopy V10 copying files

I'm having issues when attempting to copy blobs from one container to another using AzCopy V10 in C#.

When I write the code via the command line I can transfer the files no problem however when I try and do the same thing in C# I get an authentication error.

Error Message 

failed to perform copy command due to error: cannot start job due to error: cannot list blobs, -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, /home/vsts/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.7.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthorizationPermissionMismatch) =====
Description=This request is not authorized to perform this operation using this permission.
Time:2019-08-16T10:21:18.0483745Z, Details:
   Code: AuthorizationPermissionMismatch
   User-Agent: [AzCopy/10.2.1 Azure-Storage/0.7 (go1.12; Windows_NT)]
   --------------------------------------------------------------------------------
   RESPONSE Status: 403 This request is not authorized to perform this operation using this permission.
   Content-Length: [279]
   Content-Type: [application/xml]
   Date: [Fri, 16 Aug 2019 10:21:17 GMT]
   Server: [Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0]
   X-Ms-Error-Code: [AuthorizationPermissionMismatch]     
   X-Ms-Version: [2018-11-09]

My code is as follows.

SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy
{
   SharedAccessStartTime = DateTimeOffset.UtcNow.AddDays(-1),
   SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddDays(1), // 1 day expired
   Permissions = SharedAccessBlobPermissions.Read  //Read & Write
};
//  var createFolder = items.GetBlockBlobReference(items.Name);

var AzCopyProcess = new Process();
AzCopyProcess.StartInfo.UseShellExecute = false;
AzCopyProcess.StartInfo.RedirectStandardOutput = true;
AzCopyProcess.StartInfo.FileName = strCommand;
//pass storage account name, container and the key        
//  Debug.WriteLine($"azcopy cp \"{items.Uri}{items.GetSharedAccessSignature(sasConstraints)}\" \"{dayBlob.Uri}{dayBlob.GetSharedAccessSignature(sasConstraints)}\" --recursive");
AzCopyProcess.StartInfo.Arguments = $"copy \"{items.Uri}{items.GetSharedAccessSignature(sasConstraints)}\" {" "} \"{dayBlob.Uri}{dayBlob.GetSharedAccessSignature(sasConstraints)}\" --recursive";
AzCopyProcess.Start();
StreamWriter stdOut = new StreamWriter(Console.OpenStandardOutput());
stdOut.AutoFlush = true;
Console.Write(stdOut);
var output = AzCopyProcess.StandardOutput.ReadToEnd();
Console.WriteLine($"{items.Name} {output}");
Solution

  • For the source you need to set the permissions to Read and List so it scan the files.

    Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List

    For the destination you need to permission for writing.

    Permissions = SharedAccessBlobPermissions.Write

    Since you only use a single SASPolicy you could combine them, although that does mean the SAS token gives a few extra permissions that are not required for the process.

     Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Write