Azure create blob container using REST api and managed identity - 403 error
I am trying to create blob container under storage account using REST api
I am using managed identity (for app service, node application) to interact with storage account. This managed identity has necessary permission on resource group and storage account - storage account contributor and storage blob data contributor
Here are the steps I'm following:
Get access token for the managed identity on 'https://storage-account-name.blob.core.windows.net' resource (ref: https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#obtain-tokens-for-azure-resources)
Construct the request and call REST api for create container (ref: https://learn.microsoft.com/en-us/rest/api/storageservices/create-container)
mandatory headers I'm sending in the 2nd step are:
- Authorization: Bearer access-token
- x-ms-date: 2021-06-17T09:01:48.667Z
- x-ms-version: 2020-04-08
I'm getting: statusCode: 403, statusMessage: 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.'
Is there anything I'm missing while sending authorization header. Couldn't find any example of calling create container api using managed identity.
Another option would be to use blob storage sdk (https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-nodejs) but couldn't find any samples of creating container using managed identity.
Any pointers to make this work are greatly appreciated.
Thanks,
First, you couldn't call Rest API with managed identity. Authorization header needs the authorization scheme, account name, and signature.
Manage blobs with JavaScript v12 SDK in Node.js:
You could use @azure/identity for managed identity.
const { ManagedIdentityCredential } = require("@azure/identity");
const { BlobServiceClient } = require("@azure/storage-blob");
const credential = new ManagedIdentityCredential("<USER_ASSIGNED_MANAGED_IDENTITY_CLIENT_ID>");
const blobServiceClient = new BlobServiceClient(
`https://${account}.blob.core.windows.net`,
credential
);
- Electron exits without emiting render-process-gone event
- Writing npm modules in TypeScript
- localstack AWS S3 javascript error : getaddrinfo ENOTFOUND bucketname.localhost
- Puppeteer log inside page.evaluate
- multer-gridfs error " TypeError: Cannot read properties of undefined (reading '_id') "
- Node.js request - print entire http request (raw) of a post
- Verify if response is express or fastify
- crypto.randomUUID is not a function
- How to implement role based google authentication using Firebase
- How to install a previous exact version of a NPM package?
- Not able to get ECS fargate metrics on Datadog
- SCRAM-SERVER-FIRST-MESSAGE: client password must be a string
- Typescript no overload matches this call
- Why would one want to use Express instead of AngularJS?
- How to Properly Set Up Auth Middleware in Nuxt 3 with Node.js Backend?
- How can I get the raw HTTP message body using the request library in Node.js?
- Parsing error: Cannot read file '.../tsconfig.json'.eslint
- How to set the title of a Windows console while npm is running?
- npm install not creating node_modules folder
- How to check that Node JS is installed correctly?
- In Playwright asserting for the presence of any text in a element
- What's "EIO: i/o error, write" in node.js and how do I eliminate it?
- How to get all tokens by wallet address
- WebTorrent : TypeError: Cannot read properties of undefined (reading 'find')
- NVM: Getting Permission denied with nvm install command
- Problem with PHP Parse Cloud and Stripe when using Testing Credit Cards
- How to export multiple components from an index file in React?
- npm install not working. Says that I need to check permissions?
- Accessing Swagger Documentation in the Browser
- Fastify not working on Docker / Kubernetes