0
votes

I created a Linux virtual machine on Azure and a Blob Storage Account on the same subscription and in the same resource group.

I'm trying to access my storage account from my virtual machine using Shared Access Signatures.

So I generated a SAS URL using the public IP of my virtual machine and tried to access the storage account from my Java application, and I get an error telling me that the specified IP is not in the range of authorized IPs.

I tried with another subscription and got the same thing.

I also tried using curl and always got the same error.

The error is:

<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthorizationSourceIPMismatch</Code>
<Message>
This request is not authorized to perform this operation using this source IP 100.**.**.**.
RequestId:*********-****-****-****-***********
Time:2016-11-24T09:58:57.9211184Z
</Message>
<SourceIP>100.**.**.**</SourceIP>
</Error>

2 Answers

0
votes

According to the error message you provided, I assumed that when you generate the SAS token, you might have configured the optional parameter IP.

As mentioned in the official tutorial:

IP. An optional parameter that specifies an IP address or a range of IP addresses outside of Azure (see the section Routing session configuration state for Express Route) from which to accept requests.

Please try to check your SAS URL and find whether you have configured the sip parameter. You could try to remove the optional IP parameter or include the specific IPs and regenerate your SAS Token.

0
votes

Based on the answer from Bruce, note that the same documentation referenced above says "outside of Azure". I would believe, then, that using sip in SAS for IPs in Azure's range would be unsupported. Your best bet for a similar behavior is to use Storage Firewall and allow the VM's virtual network to connect instead.
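
One way to run the check suggested in the first answer (an added example, not part of either answer): read the sip parameter out of a SAS URL and compare it with the SourceIP value the service returns in the AuthorizationSourceIPMismatch error. The account name, token fields and IP addresses below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample SAS URLs (placeholder account, signature and addresses).
BASE = "https://exampleaccount.blob.core.windows.net/data/file.txt?sp=r&sr=b"
SAS_SINGLE_IP = BASE + "&sip=203.0.113.10&sig=PLACEHOLDER"
SAS_IP_RANGE = BASE + "&sip=203.0.113.0-203.0.113.255&sig=PLACEHOLDER"
SAS_NO_SIP = BASE + "&sig=PLACEHOLDER"


def parse_sip(sip):
    """Return (low, high) for a sip value: 'a.b.c.d' or 'a.b.c.d-e.f.g.h'."""
    start, _, end = sip.partition("-")
    low = ipaddress.ip_address(start.strip())
    high = ipaddress.ip_address(end.strip()) if end else low
    if low.version != high.version or low > high:
        raise ValueError(f"invalid sip range: {sip!r}")
    return low, high


def check_sas_source_ip(sas_url, observed_ip):
    """Compare the SAS token's sip restriction with the IP the service saw.

    observed_ip is the <SourceIP> value from the error response, which can
    differ from the public IP assigned to the client machine.
    Returns 'no-sip' (no IP restriction in the token), 'match' or 'mismatch'.
    """
    query = parse_qs(urlsplit(sas_url).query, keep_blank_values=True)
    sip_values = query.get("sip")
    if not sip_values:
        return "no-sip"
    low, high = parse_sip(sip_values[0])
    seen = ipaddress.ip_address(observed_ip)
    if seen.version != low.version:
        return "mismatch"
    return "match" if low <= seen <= high else "mismatch"


if __name__ == "__main__":
    # 198.51.100.7 stands in for the SourceIP reported in the error body.
    for url in (SAS_SINGLE_IP, SAS_IP_RANGE, SAS_NO_SIP):
        print(check_sas_source_ip(url, "198.51.100.7"))
```

A 'mismatch' result with the reported SourceIP reproduces the condition in the question; 'no-sip' means the token carries no IP restriction and the cause lies elsewhere.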