Search code examples
azureazure-storageazure-api-managementazure-managed-identity

Unauthorized access to storage's table using API Management


I configured MSI to table storage in my API Management:

enter image description here

Then, in inboud policy i am setting mocked url to table storage:

    <inbound>
        <base />
        <set-backend-service base-url="https://<storage>.table.core.windows.net/<table>()?$top=10" />
        <authentication-managed-identity resource="https://storage.azure.com/" />
    </inbound>

And i see, that token is obtained correctly:

enter image description here

And i am getting 403 response as follows:

{
    "response": {
        "status": {
            "code": 403,
            "reason": "Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature."
        },

My question is, how to call table storage from Api Management using managed identity?


Solution

  • Just add this to inbound policy:

    <set-header name="x-ms-version" exists-action="override">
        <value>@{string version = "2017-11-09"; return version;}</value>
    </set-header>