Azure API SharedKeyLite in Powershell

12
votes

I'm trying to implement a SharedKeyLite Authorization header function in powershell. This is to connect to Azure Tables REST API. I'm missing something cause I keep getting an error:

Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

   function GenerateHeader($accountName, $accountKey, $action)
{
    $xmsdate = get-date
    $xmsdate = $xmsdate.ToUniversalTime()
    $xmsdate = $xmsdate.toString('r')
    $newLine = "`n";
    $message = $xmsdate + $newline + "/" + $accountname + "/" + $action;
    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = [Convert]::FromBase64String($accesskey)
    $signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($message))
    $signature = [Convert]::ToBase64String($signature)
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("x-ms-version", "2014-02-14")
    $headers.Add("x-ms-date", $xmsdate)
    $headers.Add("Authorization", "SharedKeyLite " + $accountName + ":" + $signature)

    return $headers
}

UPDATE: Here's code that calls this function. The $action variable is set to the URI string.

$uriString = "https://$StorageAccountName.table.core.windows.net/Tables"

$headers = GenerateHeader $StorageAccountName $StorageAccountKey "Tables"

Invoke-RestMethod -Uri $uriString -Method $method -Headers $headers -Body $body

And here's the error it throws.

Invoke-RestMethod : AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:4215377d-0002-0044-1a92-94cd56000000 Time:2015-05-22T13:21:53.5205261Z At C:\Users\Samuel\Source\BaseDataInstall\BaseDataInstall\AzureHelpers.ps1:45 char:2 + Invoke-RestMethod -Uri $uriString -Method $method -Headers $headers -Body $body + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc eption + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

EDIT: Here's the Example output from the $headers variable outside the function...

Key   : x-ms-version
Value : 2014-02-14

Key   : x-ms-date
Value : Tue, 26 May 2015 19:30:20 GMT

Key   : Authorization
Value : SharedKeyLite <MyStorageName>:lf+ndqhi4OeJhIfLljugT0dfcLbqXDBHwrQJn9Q66HQ=
2
powershellazureazure-table-storage
Could you please add more details such as the value of $action and also the entire response returned by the server?Serdar Ozler
Does $headers outside the function appear to contain the correct information as best as you can tell? It does not look like it but I wonder if the function is returning something you didn't expect along with the $headers from inside the functionMatt
I hadn't thought about that, but I checked. I updated the question with the output. It looks right to me, but it's not working.SamuelWarren

2 Answers

4
votes

So this ended up being a simple coding error :(

I feel kinda silly posting this now, but I'm going to post an answer cause I couldn't find a working Authorization builder for Azure in Powershell anywhere. This one does work for Azure tables...

function GenerateHeader($accountName, $accountKey, $action)
{
    $xmsdate = get-date
    $xmsdate = $xmsdate.ToUniversalTime()
    $xmsdate = $xmsdate.toString('R')
    $newLine = "`n";
    $action = $action.ToLower()
    $message = $xmsdate + $newline + "/" + $accountname + "/" + $action;
    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = [Convert]::FromBase64String($accountKey)
    $signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($message))
    $signature = [Convert]::ToBase64String($signature)
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Content-Type", "application/json")
    $headers.Add("x-ms-date", $xmsdate)
    $headers.Add("Authorization", "SharedKeyLite " + $accountName + ":" + $signature)

    return $headers
}
3
votes

There seem to be a change in the Azure API. I had to disable the "toLower" statement for this to Work.

function GenerateHeader($accountName, $accountKey, $action)
{
    $xmsdate = get-date
    $xmsdate = $xmsdate.ToUniversalTime()
    $xmsdate = $xmsdate.toString('R')
    $newLine = "`n";
    # $action = $action.ToLower()
    $message = $xmsdate + $newline + "/" + $accountname + "/" + $action;
    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = [Convert]::FromBase64String($accountKey)
    $signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes ($message))
    $signature = [Convert]::ToBase64String($signature)
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    # $headers.Add("Content-Type", "application/json")
    $headers.Add("x-ms-date", $xmsdate)
    $headers.Add("Authorization", "SharedKeyLite " + $accountName + ":" + $signature)

    return $headers
}

I hope this helps someone :-)