Azure Storage - 403 Forbidden

2
votes

I am getting 403 forbidden error message while connecting to azure storage from application server. I am using below code snippet to check connectivity with azure storage.

I am not sure it could be our firewall/proxy not allowing connectivity or related to SSL certificate (cert revocation). I am checking with our network team on this; any suggestion would be helpful. 

  string storageConnString = "DefaultEndpointsProtocol=https;AccountName=azstoragel692;AccountKey=asdfas234234sdfsdf234234;EndpointSuffix=core.windows.net";   
        var storageAccount = CloudStorageAccount.Parse(storageConnString);
        var blobStorage = storageAccount.CreateCloudBlobClient();
        CloudBlobContainer container = blobStorage.GetContainerReference("myContainer");
        var blobsCount = container.ListBlobs().Count();
        Console.WriteLine(blobsCount);

Exception:

Microsoft.WindowsAzure.Storage.StorageException: The remote server returned an e rror: (403) Forbidden. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.

at System.Net.HttpWebRequest.GetResponse() at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTC ommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) in c:\Prog ram Files (x86)\Jenkins\workspace\release_dotnet_master\Lib\ClassLibraryCommon\C ore\Executor\Executor.cs:line 677

Request Information RequestID: RequestDate:Fri, 01 Dec 2017 14:04:26 GMT StatusMessage:AccessDenied

3
c#.netazure-storageazure-storage-blobs
Have you double-checked the account name and key?Camilo Terevinto
@CamiloTerevinto Sorry I should have mentioned it in my question itself. The account name and key mentioned in code snippet are dummy. Though I am sure that I am using correct account name and key for my connectivity test.DevX
I also try same code snippet with DefaultEndpointsProtocol=http and getting same error.DevX
Have you tried to use another storage account and key? The code you mentioned works correctly on myside. Have you tried to update the Azure storeage SDK version to 8.6.0? Addtional info: The container name shoud be lower case.Tom Sun - MSFT
Thanks @TomSun for the response. I tried with other storage account and key as well, getting same error. Also I am using Azure Storage SDK 8.6.0. Container name is lower case in my original code.DevX

3 Answers

3
votes

I know this is the answer for your case but it may be the answer for someone else.

In my case, I was getting 403 Forbidden because the server was somehow set to an hour before.

This was followed by an issue with the data center. I can't be sure if this was the cause but the fact is that after I synced the time correctly, it started working just fine.

I got this tip (request timestamp too old) after installing Microsoft Azure Storage Explorer in the server and trying to access the blob storage.

1
votes

Finally I was able to resolve this issue. It was with our enterprise proxy which was blocking the connection to Azure storage account. As I was trying to connect Azure blob storage so we had to whitelist URL *.blob.core.windows.net on the proxy.

0
votes

Please check the clock on the servers in question. Apart from the incorrect account key, you can also get 403 error if the time on the server is not in sync with the time on storage servers (Give or take +/- 15 minutes deviation is allowed).