Azure - call Storage rest api for list blobs

3
votes

What I am trying to do is connect to the Azure Storage Rest API List Blobs. Ref: http://msdn.microsoft.com/en-us/library/windowsazure/dd135734.aspx

I have tried to follow http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx in order to specify the authorization header however I get a 403 error - forbidden.

Code:

Uri address = new Uri("https://account.blob.core.windows.net/$logs?restype=container&comp=list");
HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(address);
req.Headers["x-ms-date"] = "2013-09-04";
req.Headers["x-ms-version"] = "2012-02-12";
req.Method = "GET";

string StringToSign =  "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: 2013-09-04\nx-ms-version:2012-02-12\n" // headers
    + "/account/blob\ncomp:list\nrestype:container"; // resources

string accountName = "account";
string key = Convert.ToBase64String(Encoding.Default.GetBytes(StringToSign));
req.Headers["Authorization"] = string.Format("SharedKey {0}:{1}", accountName, key);

HttpWebResponse resp = req.GetResponse() as HttpWebResponse;

Can anyone see any mistakes? Is there a tool which can generate the key? One thing I am not sure of is I am encoding/hashing the string correctly.

Thanks, Andrew

Update with latest code. This code gives me a Forbidden error.

DateTime dt = DateTime.UtcNow;
string StringToSign = "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: " + dt.ToString("R") + "\nx-ms-version:2012-02-12\n" // headers
    + "/account/$logs\ncomp:list\nrestype:container";

string auth = SignThis(StringToSign, "accountkey", "account");
string method = "GET";
string urlPath = "https://account.blob.core.windows.net/$logs?restype=container&comp=list";
Uri uri = new Uri(urlPath);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
request.Method = method;
request.Headers.Add("x-ms-date", dt.ToString("R"));
request.Headers.Add("x-ms-version", "2012-02-12");
request.Headers.Add("Authorization", auth);

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
}
1
c#restazure
When you say "is there a tool that can generate the key" it makes me suspicious. You are getting the key from the azure storage page in the azure management portal right?crthompson
Yes. I am new to Azure - I have access to the portal, am I meant to use a key that is listed in the portal? Or construct the key via the code above?andrewb
I see now what you are doing with the "StringToSign". That is not what the example is trying to tell you. you are giving the result, not the value to to send. Let me try to work something up. The drag is that I have all this code at work.crthompson
You are meant to be using the key in the portal. The key along with your account name are your authentication. This is why you cant share those keys out to everyone.crthompson
Which key? The subscription ID? If that is the case, why does the MSDN have the above pages telling to go through all of these steps? Not trolling, just wondering. Thanksandrewb

1 Answers

4
votes

There are some issues with the code above. But before that, first thing you would need is the key for your storage account. You can get it from Windows Azure Portal. Click on the storage account name in the portal and then click on "MANAGE ACCESS KEYS" as shown in the screenshot below:

enter image description here

Now for the issues:

The way you're creating the authorization header is incorrect. For creating the authorization header, you would need account name, account key and StringToSign from your code above. Try this code:

private static String SignThis(String StringToSign, string Key, string Account)
        {
            String signature = string.Empty;
            byte[] unicodeKey = Convert.FromBase64String(Key);
            using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(canonicalizedString);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
            }

            String authorizationHeader = String.Format(
                  CultureInfo.InvariantCulture,
                  "{0} {1}:{2}",
                  "SharedKey",
                  Account,
                  signature);

            return authorizationHeader;
        }

The function above will provide authorization header which you would need to pass as authorization.

2nd thing I noticed was that in the code for StringToSign, you're not passing the container name. So your StringToSign should be:

string StringToSign =  "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: 2013-09-04\nx-ms-version:2012-02-12\n" // headers
    + "/account/$logs\ncomp:list\nrestype:container"; // resources

You mentioned that you're quite new to Windows Azure. If I may suggest - implementing REST API has been done by a number of folks earlier also. Please take a look at what they have done instead of trying to do the same thing again. You may find these links useful:

http://convective.wordpress.com/2010/08/18/examples-of-the-windows-azure-storage-services-rest-api/

http://azurestoragesamples.codeplex.com/ - Look at the REST API implementation in this project.

UPDATE

Here's the working code (just change the account name, key and the container name)

static void ListContainers()
{
    string Account = "account";
    string Key = "key";
    string Container = "$logs";
    DateTime dt = DateTime.UtcNow;
    string StringToSign = String.Format("GET\n"
        + "\n" // content encoding
        + "\n" // content language
        + "\n" // content length
        + "\n" // content md5
        + "\n" // content type
        + "\n" // date
        + "\n" // if modified since
        + "\n" // if match
        + "\n" // if none match
        + "\n" // if unmodified since
        + "\n" // range
        + "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:2012-02-12\n" // headers
        + "/{0}/{1}\ncomp:list\nrestype:container", Account, Container);

    string auth = SignThis(StringToSign, Key, Account);
    string method = "GET";
    string urlPath = string.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list", Account, Container);
    Uri uri = new Uri(urlPath);
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    request.Method = method;
    request.Headers.Add("x-ms-date", dt.ToString("R"));
    request.Headers.Add("x-ms-version", "2012-02-12");
    request.Headers.Add("Authorization", auth);

    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    {
    }
}

Hope this helps.