AuthenticationFailed after creating sas token with New-AzStorageBlobSASToken

Question

I am creating a SAS token:

$start = [System.DateTime]::Now.AddMonths(-1)
$end = [System.DateTime]::Now.AddMonths(1)
$cloudConfigSas = New-AzStorageBlobSASToken -Container "myContainer" -Blob "myBlob" -Permission "rwd" -Protocol HttpsOnly -StartTime $start -ExpiryTime $end -FullUri -Context $storageContext

The full uri has this format:

https://{myStorage}.blob.core.windows.net/{myContainer}/{myBlob}.json?sv=2019-02-02&sr=b&sig=M8ZphKYAVr8vUk5V2F5QkcJOCmp05%2ByoPhcWPMrcSeI%3D&spr=https&st=2020-01-12T22%3A54%3A14Z&se=2021-01-13T22%3A54%3A14Z&sp=rwd

When trying to access it I receive the following error

<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:{myRequestID} Time:2020-01-14T00:19:08.2434298Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was rwd 2020-01-12T22:54:14Z 2021-01-13T22:54:14Z /blob/{myStorage}/{myContainer}/{myBlob} https 2019-02-02 b </AuthenticationErrorDetail>
</Error>

How did you use New-AzStorageContext and how did you access it? — Joy Wang-MSFT

Joy Wang-MSFT Joy Wang-MSFT · Accepted Answer · 2020-01-14T01:24:51

Per my test, your script should work. Try to use the New-AzStorageContext as below.

$storageContext = New-AzStorageContext -StorageAccountName storageaccount -StorageAccountKey 4i41SDZ3xxxxxxZJYA==
$start = [System.DateTime]::Now.AddMonths(-1)
$end = [System.DateTime]::Now.AddMonths(1)
$cloudConfigSas = New-AzStorageBlobSASToken -Container "test1" -Blob "batch.json" -Permission "rwd" -Protocol HttpsOnly -StartTime $start -ExpiryTime $end -FullUri -Context $storageContext

Access it in the browser:

AuthenticationFailed after creating sas token with New-AzStorageBlobSASToken

1 Answers