Search code examples
azurepowershellazure-table-storageazure-tablequeryazure-tableclient

Why am I getting a 403 Forbidden error when trying to access Azure Table Storage?

I am using PowerShell to interact with Azure Table Storage, but I keep receiving a 403 Forbidden error. Here is the relevant part of my script:

function InsertReplaceTableEntity($TableName, $PartitionKey, $Rowkey, $entity) {
    $version = "2017-04-17"
    $resource = "$tableName(PartitionKey='$PartitionKey',RowKey='$Rowkey')"
    $table_url = "https://$storageAccount.table.core.windows.net/$resource"
    Write-Host "Table URL: $table_url"
    
    $GMTTime = (Get-Date).ToUniversalTime().toString('R')
    $stringToSign = "$GMTTime`n/$storageAccount/$resource"
    Write-Host "String to Sign: $stringToSign"

    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = [Convert]::FromBase64String($ADL_KEY)
    $signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    $signature = [Convert]::ToBase64String($signature)
    Write-Host "Signature: $signature"

    $headers = @{
        'x-ms-date'    = $GMTTime
        Authorization  = "SharedKeyLite " + $storageAccount + ":" + $signature
        "x-ms-version" = $version
        Accept         = "application/json;odata=fullmetadata"
    }
    Write-Host "Headers: $($headers | ConvertTo-Json)"

    $body = $entity | ConvertTo-Json
    Write-Host "$body"
    $item = Invoke-RestMethod -Method PUT -Uri $table_url -Headers $headers -Body $body -ContentType application/json
}
Solution

  • Why am I getting a 403 Forbidden error when trying to access Azure Table Storage?

    The above error occurs when you have issue with authentication or authorization.

    I used the below script to insert the entity in the azure table storage.

    Script:

    $version = "2019-02-02"
$storageAccount = "venkat326123"
$ADL_KEY = "T3czZpu1gZ0nxxxxxxx=="
$tableName = "table1"
$PartitionKey = "name"
$Rowkey = "venkatesan"
$entity = @{
    "Property1" = "test"
    "Property2" = "key"
}

$resource = "$tableName(PartitionKey='$PartitionKey',RowKey='$Rowkey')"
$table_url = "https://$storageAccount.table.core.windows.net/$resource"
Write-Host "Table URL: $table_url"

$GMTTime = (Get-Date).ToUniversalTime().toString('R')
$stringToSign = "$GMTTime`n/$storageAccount/$resource"
Write-Host "String to Sign: $stringToSign"

$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Convert]::FromBase64String($ADL_KEY)
$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signature = [Convert]::ToBase64String($signature)
Write-Host "Signature: $signature"

$headers = @{
    'x-ms-date'    = $GMTTime
    Authorization  = "SharedKeyLite " + $storageAccount + ":" + $signature
    "x-ms-version" = $version
    Accept         = "application/json;odata=fullmetadata"
}
Write-Host "Headers: $($headers | ConvertTo-Json)"

$body = $entity | ConvertTo-Json
Write-Host "$body"
$item = Invoke-RestMethod -Method PUT -Uri $table_url -Headers $headers -Body $body -ContentType application/json
 Write-Host "Entity updated successfully."

    Output:

    Table URL: https://venkat326123.table.core.windows.net/table1(PartitionKey='name',RowKey='venkatesan')
String to Sign: Mon, 19 Aug 2024 05:37:24 GMT
/venkat326123/table1(PartitionKey='name',RowKey='venkatesan')
Signature: nA2IcN6ecHNQuxxxxxxxxpeKAWp4JHU=
Headers: {
    "Authorization":  "SharedKeyLite venkat326123:nA2IcN6ecxxxxxU=",
    "x-ms-version":  "2019-02-02",
    "Accept":  "application/json;odata=fullmetadata",
    "x-ms-date":  "Mon, 19 Aug 2024 05:37:24 GMT"
}
{
    "Property1":  "test",
    "Property2":  "key"
}
Entity updated successfully.

    Portal: enter image description here

    Also check the firewall settings in the azure storage account whether it is enabled to all networks this also may cause the 403 error.

    Reference: Insert Entity (REST API) - Azure Storage | Microsoft Learn