I am trying to authenticate a get request to the azure storage api using the below python function however I am getting the following error:
<Response [403]>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
The url of the request I am trying to make is:
'https://{account name}.dfs.core.windows.net/{file system}?directory={directory}&recursive=False&resource=filesystem'
Documentation for the REST api: https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/path/list
Documentation on how to authenticate using account key: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
def get_shared_access_authorization(self, directory):
directory = directory
file_system_name = self.fileSystem
storage_account_name = self.storageAccountName
storage_account_key = self.accountKey
request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
string_params = {
'verb': 'GET',
'Content-Encoding': '',
'Content-Language': '',
'Content-Length': '',
'Content-MD5': '',
'Content-Type': '',
'Date': '',
'If-Modified-Since': '',
'If-Match': '',
'If-None-Match': '',
'If-Unmodified-Since': '',
'Range': '',
'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name + '\ndirectory:'+directory+'\nrecursive:false\nresource:filesystem'
}
string_to_sign = (string_params['verb'] + '\n'
+ string_params['Content-Encoding'] + '\n'
+ string_params['Content-Language'] + '\n'
+ string_params['Content-Length'] + '\n'
+ string_params['Content-MD5'] + '\n'
+ string_params['Content-Type'] + '\n'
+ string_params['Date'] + '\n'
+ string_params['If-Modified-Since'] + '\n'
+ string_params['If-Match'] + '\n'
+ string_params['If-None-Match'] + '\n'
+ string_params['If-Unmodified-Since'] + '\n'
+ string_params['Range'] + '\n'
+ string_params['CanonicalizedHeaders']
+ string_params['CanonicalizedResource'])
signed_string = base64.b64encode(
hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
digestmod=hashlib.sha256).digest()).decode()
headers = {
'x-ms-date': request_time,
'x-ms-version': '2018-11-09',
'Authorization': ('SharedKeyLite ' + storage_account_name + ':' + signed_string)
}
return headers
I have checked that all inputs (directory, file system name, storage account name and account key) are correct. Any help would be greatly appreciated.
Update: I have tried using both 'SharedKey' and 'SharedKeyLite' in the auth header.
Update 2: The problem was solved by swapping from 'false' to 'False'. I have generalised the working function and included it below.
def get_shared_access_authorization(self, directory, file_system_name, storage_account_name, storage_account_key):
request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
string_params = {
'verb': 'GET',
'Content-Encoding': '',
'Content-Language': '',
'Content-Length': '',
'Content-MD5': '',
'Content-Type': '',
'Date': '',
'If-Modified-Since': '',
'If-Match': '',
'If-None-Match': '',
'If-Unmodified-Since': '',
'Range': '',
'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name + '\ndirectory:'+directory+'\nrecursive:False\nresource:filesystem'
}
string_to_sign = (string_params['verb'] + '\n'
+ string_params['Content-Encoding'] + '\n'
+ string_params['Content-Language'] + '\n'
+ string_params['Content-Length'] + '\n'
+ string_params['Content-MD5'] + '\n'
+ string_params['Content-Type'] + '\n'
+ string_params['Date'] + '\n'
+ string_params['If-Modified-Since'] + '\n'
+ string_params['If-Match'] + '\n'
+ string_params['If-None-Match'] + '\n'
+ string_params['If-Unmodified-Since'] + '\n'
+ string_params['Range'] + '\n'
+ string_params['CanonicalizedHeaders']
+ string_params['CanonicalizedResource'])
signed_string = base64.b64encode(
hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
digestmod=hashlib.sha256).digest()).decode()
headers = {
'x-ms-date': request_time,
'x-ms-version': '2018-11-09',
'Authorization': ('SharedKey ' + storage_account_name + ':' + signed_string)
}
return headers