Azure Service Bus Restful Api Get

0
votes

I am trying to generate access Azure Service Bus Resftul APIs using SAS. My understanding is I need to generate an authorization header with something like the following:-

SharedAccessSignature sig=<sig>&
se=<epochexpirydate>&skn=RootManageSharedAccessKey&
sr=<urlToQueue>

Using postman I try to launch a request to https://service-bus-namespace.servicebus.windows.net/queuename

I generate the signature of my SAS using the url from sr & \n & epoch-time encrypted to SHA256 using an online sha256 generator.

However I am always getting 401 SubCode:40103 Invalid authorization token signature. Hoping someone could give me assistance so I can get messages from the queue.

example:

SharedAccessSignature sig=ab5c0a1b42b96af5ef9cbc85c7088651e9ebf8785d1eeffe6c4955be2c70ca2b&se=7270650090&skn=MyAccessKey&sr=https%3A%2F%2Fnamespace.servicebus.windows.net%2Fqueuename

1
azureazureservicebusrestful-authentication
Can you try by changing /n in sr & /n & epoch-timeto \n?Gaurav Mantri
@GauravMantri-AIS i did mean new line with /n I am doing \n alreadyAnicho
One more thing: Are you URL encoding your sr?Gaurav Mantri
@GauravMantri-AIS I am percent url encoding my srAnicho
Hmm...Can you share some screenshots or something?Gaurav Mantri

1 Answers

0
votes

According to the 401 error means that the token is not vaild.

Use the below code to generate the correct SAS Token and then pass the generated token to Authorization header:

using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Web;

namespace App1
{
    class Program
    {
        static readonly string queueUrl = "TODO"; // Format: "https://<service bus namespace>.servicebus.windows.net/<queue name>";
        static readonly string signatureKeyName = "TODO";
        static readonly string signatureKey = "TODO";
        static readonly TimeSpan timeToLive = TimeSpan.FromDays(1);
        static void Main(string[] args)
        {
            var token = GetSasToken(queueUrl, signatureKeyName, signatureKey, timeToLive);
            Console.WriteLine("Authorization: " + token);
            Console.WriteLine("Press any key to exit.");
            Console.ReadLine();
        }
        public static string GetSasToken(string resourceUri, string keyName, string key, TimeSpan ttl)
        {
            var expiry = GetExpiry(ttl);
            string stringToSign = HttpUtility.UrlEncode(resourceUri) + "\n" + expiry;
            HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
            var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
            var sasToken = String.Format(CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}",
            HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, keyName);
            return sasToken;
        }

        private static string GetExpiry(TimeSpan ttl)
        {
            TimeSpan expirySinceEpoch = DateTime.UtcNow - new DateTime(1970, 1, 1) + ttl;
            return Convert.ToString((int)expirySinceEpoch.TotalSeconds);
        }
    }
}