Accessing a blob resource using shared key authorization

0
votes

I am trying to read an Image file stored in Microsoft Azure Blob Storage through Shared key using postman which is giving me the following error.

<?xml version="1.0" encoding="utf-8"?>
<Error>
    <Code>AuthenticationFailed</Code>
    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:48328e8c-601e-000a-3508-bec540000000
Time:2019-02-06T10:43:06.4920228Z</Message>
    <AuthenticationErrorDetail>The MAC signature found in the HTTP request 'jn37EV4KPWj3wQANreUQy8ih+H5rFOp0fqj1DebgBMk=' is not the same as any computed signature. Server used following string to sign: 'GET




image/jpeg






x-ms-date:Wed, 06 Feb 2019 10:38:54 GMT
x-ms-version:2018-03-28
/<accountName>/<containerFolder>/<image.jpg>'.</AuthenticationErrorDetail>
</Error>

The code I used to calculate Signature is:

class Program
    {
        private static string storageAccountKey = "<account_key>";

        static void Main(string[] args)
        {
            string utcDate = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture);
            string authStr = "GET\n\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:" + utcDate + "\nx-ms-version:2018-03-28\n/<account_name>/<container_name>/<image.jpeg>";
            string hash = CreateAuthorizationHeader(authStr);
            Console.WriteLine(hash);
            Console.ReadKey(true);
        }

        public static String CreateAuthorizationHeader(String canonicalizedString)
        {
            String signature = String.Empty;

            using (HMACSHA256 hmacSha256 = new HMACSHA256(Convert.FromBase64String(storageAccountKey)))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(canonicalizedString);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
            }

            String authorizationHeader = String.Format(
                CultureInfo.InvariantCulture,
                "{0} {1}:{2}",
                AzureStorageConstants.SharedKeyAuthorizationScheme,
                AzureStorageConstants.Account,
                signature
            );

            return authorizationHeader;
        }
    }

    class AzureStorageConstants
    {
        public static string SharedKeyAuthorizationScheme = "SharedKey";

        public static string Account = "<account_name>";
    }

The headers i'm passing are:

  1. Content-Type: image/jpeg
  2. Authorization: SharedKey account_name:jn37EV4KPWj3wQANreUQy8ih+H5rFOp0fqj1DebgBMk=
  3. x-ms-version: 2018-03-28
  4. x-ms-date: Wed, 06 Feb 2019 10:38:54 GMT

I have breakpoint in CreateAuthorizationHeader(String canonicalizedString) and I copy the values of utcDate and Signature and pass it to the header. Where am i going wrong.?

1
c#azureazure-storage

1 Answers

0
votes

The reason you're getting this error is because you're passing content-type as one of the request headers however you're not including it when you're computing the canonicalizedString.

There're two things you could do:

  1. Remove content-type from your request headers: Since you're getting the content of the blob, you don't really need this header. Once you remove that, the code should work just fine.
  2. Include value of content-type header (image/jpeg) in your canonicalizedString computation: So your code would be:

string authStr = "GET\n\n\n\n\n\n\n\n\n\n\n\nimage/jpeg\nx-ms-date:" + utcDate + "\nx-ms-version:2018-03-28\n/<account_name>/<container_name>/<image.jpeg>";