I'm trying to use SAS tokens in Azure Blob Storage following this tutorial, but I hit this error:
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:2aada4ff-901e-0011-116c-8bc84f000000 Time:2019-10-25T19:41:37.0381744Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was r 2019-10-25T19:26:51Z 2019-10-25T20:31:51Z /blob/platinepersistencesg/$root/documents-legal-entity-01d6d631-bc1e-54e7-894e-f67297a2bae7 2019-02-02 b
</AuthenticationErrorDetail>
</Error>
Here is my code:
public async Task<IActionResult> GetSasToken()
{
const string containerName = "documents-legal-entity-01d6d631-bc1e-54e7-894e-f67297a2bae7";
const string blobName = "09578f41-e7fb-4765-bf41-869ea649f03a.pdf";
const SharedAccessBlobPermissions permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create;
var blobClient = CloudStorageAccount
.Parse("DefaultEndpointsProtocol=https;AccountName=<account_name>;AccountKey=<account_key>;EndpointSuffix=core.windows.net")
.CreateCloudBlobClient();
var container = blobClient.GetContainerReference(containerName);
var blob = container.GetBlockBlobReference(blobName);
var policy = new SharedAccessBlobPolicy
{
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Permissions = permissions
};
var sasToken = blob.GetSharedAccessSignature(policy);
var sasUri = container.Uri + sasToken;
return Ok(new { uri = sasUri });
}
I'm able to make it work following this answer, but I would like to use the Azure client instead for simplicity and to avoid carrying around the storage key.
Only thing you're missing is the blob name from your URL construction. Just need to change:
var sasUri = container.Uri + sasToken;
...to...
var sasUri = blob.Uri + sasToken;