I have trial Azure account and I have created table under storage. I want to read table using REST API. I am going through document (https://docs.microsoft.com/en-us/rest/api/storageservices/authorization-for-the-azure-storage-services) to prepare authorization header for HTTP request. I am not able to find 'Shared key' form portal, Can any one help?
3 Answers
Follow the steps below to view the storage access keys for an Azure Blob storage account:
Sign in to the Azure dashboard.
In the navigation pane, click on All Resources.
Choose the desired storage account.
Click on the key icon () to view the access keys () for the storage account.
Note: Each storage account has two storage access keys "so that you can maintain connections using one key while regenerating the other".
To copy a storage access key, click on the Copy icon next to the key you want to copy.
The term access key is synonymous with shared key in Azure lingo.
From Manage storage account access keys documentation article:
When you create a storage account, Azure generates two 512-bit storage account access keys. These keys can be used to authorize access to data in your storage account via Shared Key authorization.
Here is a working sample which creates a file:
https://github.com/mstaples84/azurefileserviceauth.git
It is based on the tutorial:
https://docs.microsoft.com/de-de/azure/storage/common/storage-rest-api-auth but deals with the issues I had when creating a file from the tutorial.
Simply run the Unit Test "CreateFileAsync()" to test it. Make sure to edit the constants set by the Test class to make it work.
Shared Key authorization for the Table service in version 2009-09-19 and later uses the same signature string as in previous versions of the Table service.
The format for the Authorization header is as follows:
Authorization="[SharedKey|SharedKeyLite] <AccountName>:<Signature>"
The Shared Key signature string for a request against the Table service does not include the CanonicalizedHeaders
portion of the string. Additionally, the Date
header in this case is never empty even if the request sets the x-ms-date
header. If the request sets x-ms-date
, that value is also used for the value of the Date
header.
To encode the signature string for a request against the Table service made using the REST API, use the following format:
StringToSign = VERB + "\n" +
Content-MD5 + "\n" +
Content-Type + "\n" +
Date + "\n" +
CanonicalizedResource;
This format supports Shared Key and Shared Key Lite for all versions of the Table service. Construct the CanonicalizedResource
string in this format as follows:
1.Beginning with an empty string (""), append a forward slash (/), followed by the name of the account that owns the resource being accessed.
2.Append the resource's encoded URI path. If the request URI addresses a component of the resource, append the appropriate query string. The query string should include the question mark and the comp
parameter (for example, ?comp=metadata
).
Encoding the Signature
To encode the signature, using the following format:
Signature=Base64(HMAC-SHA256(UTF8(StringToSign), Base64.decode(<your_azure_storage_account_shared_key>)))