Search code examples
azureazure-functionsazure-blob-storageazure-functions-core-tools

Getting 403 error when uploading large file to blob

I follow this example to upload file to azure blob storage. https://dmrelease.blob.core.windows.net/azurestoragejssample/samples/sample-blob.html

    var blobService = AzureStorage.Blob.createBlobServiceWithSas(url, sasKey);
    var customBlockSize = file.size > 1024 * 1024 * 32 ? 1024 * 1024 * 4 : 1024 * 512;
    blobService.singleBlobPutThresholdInBytes = customBlockSize;

    var finishedOrError = false;
    const options = {
        blockSize: customBlockSize
    };
    var speedSummary = blobService.createBlockBlobFromBrowserFile(container, buildBlobName(file), file, options, function (error, result, response) {
        console.log("speedSummary")
        finishedOrError = true;
        if (error) {
            alert('Error');
        } else {
            displayProcess(100);
        }
    });

When I tried to upload small file (<512kb), it works without any error. However, I upload bigger file (>512kb), I start receiving errors in each of the refreshProgress. Here is the error.

PUT https://?????.blob.core.windows.net/images/210815%20bltn_c94e6d0b3f30a.pdf?comp=block&blockid=MWU4YTRjZDktMDAwMDAx&sv=2019-12-12&se=2021-09-12T13%3A06%3A18Z&sr=c&sp=c&sig=QdS%2BjhcLQ4WJXHDjShZSny5F1%2FhSZbl%2Fj6Oq%2B1DMzMA%3D&api-version=2018-03-28x 403 (This request is not authorized to perform this operation using this permission.)
PUT https://?????.blob.core.windows.net/images/210815%20bltn_c94e6d0b3f30a.pdf?comp=block&blockid=MWU4YTRjZDktMDAwMDAx&sv=2019-12-12&se=2021-09-12T13%3A06%3A18Z&sr=c&sp=c&sig=QdS%2BjhcLQ4WJXHDjShZSny5F1%2FhSZbl%2Fj6Oq%2B1DMzMA%3D&api-version=2018-03-28x 403 (This request is not authorized to perform this operation using this permission.)

It seems to fail with multi-part upload. Precisely, when I upload a file with size 600kb, I've got two error with the exactly same link. Are the links supposed to be exactly the same for each multipart download? Or is there settings in the container wrong? I've looked at several examples online. The implementations are more or less the same.

Any idea what's wrong? Thanks

Solution

  • The issue is with the permissions in your Shared Access Signature (SAS) token.

    Currently your SAS token only has create permission (sp=c) which only allows you to perform Put Blob operation (that's why your request succeeds when your blob size is less than 512KB as the blob is not split in blocks).

    When the blob size is more than 512KB, the blob is uploaded by splitting the blob in multiple chunks (blocks). Behind the scenes, Put Block REST API operation is performed. For Put Block operation, your SAS token needs a write permission (sp=w). Once you add this permission, you should not get this error.

    In fact, using just write permission should be sufficient in both cases (Put Blob & Put Block).

    For more details, please see this link: https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#permissions-for-a-directory-container-or-blob.