Unable to Get/Post Blob on Azure Storage via Rest API in C#

1
votes

Upon successful consumption of Azure Rest api in c# code. I'm able to create, fetch and fetch list of containers but not blob. While accessing or uploading blobs, this gives permission issue and i.e.,

you are not authorized to perform this request with assigned permission

Progress that i have made so far:

  1. Able to create and fetch the container.
  2. Able to fetch the list of all the containers of storage account.

When tries to Get/Put a blob via below source code it give me error:

This request is not authorized to perform this operation using this permission.

string endPointUri = $"{azureApplicationConfiguration.Resource}/{inpContainerName}/{inpBlobName}";
var request = (HttpWebRequest)WebRequest.Create(endPointUri);
request.Method = HTTPMethod.GET.ToString();
request.Headers.Add("Authorization", $"Bearer  {sasToken.access_token}");
request.Headers.Add("x-ms-date", DateTime.UtcNow.ToString("R"));
request.Headers.Add("x-ms-version", "2018-03-28");
request.ProtocolVersion = HttpVersion.Version11;

using (HttpWebResponse resp = (HttpWebResponse)request.GetResponse())
{
    Console.WriteLine(resp.StatusCode.ToString());
    Console.ReadKey();
}
1
azurerestapiblobstorage

1 Answers

0
votes

The most likely answer is that the SAS token you're using to authenticate does not support object level access. You can confirm this by checking if there is a letter o in the Signed Resource Types srt= parameter in your SAS token. Based on the fact you can list and create containers, I'd guess the current value is srt=sc. To be able to perform GET/PUT operations on a blob as well, you'll need to generate a new SAS token that includes object level permissions, which should give you a token containing srt=sco.

In case you aren't aware of it already, there is a .NET Azure Storage SDK available, which provides a layer of abstraction over the REST API and may save you some time in the long run.