how to construct authorization header for Azure File share with shared key using powershell

1
votes

I am trying to get share stats from Azure File share rest api with shared key as authentication but cant seems to be figure out authorization header

$storageAccount = 'XXXX'
$key = 'XXXXXXXX'
$resource = 'FileShare'

$sharedKey = [System.Convert]::FromBase64String($Key)
$date = [System.DateTime]::UtcNow.ToString("R")

$stringToSign = "GET`n`n`n`n`n`n`n`n`n`n`n`nx-ms-date:$date`nx-ms-type:file`nx-ms-version:2017-04-17`n/$storageAccount/$resource`nrestype:share"

$hasher = New-Object System.Security.Cryptography.HMACSHA256
$hasher.Key = $sharedKey

$signedSignature = [System.Convert]::ToBase64String($hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($stringToSign)))

$authHeader = "SharedKey ${StorageAccount}:$signedSignature"

$headers = @{"x-ms-date"=$date
             "x-ms-version"="2009-09-19"
             "Authorization"=$authHeader}
$URI = "https://$storageAccount.file.core.windows.net/FileShare?restype=share&comp=stats"

$sharestats = Invoke-RestMethod -method GET -Uri  $URI -Headers $headers


Getting following error


Invoke-RestMethod : AuthenticationFailedServer failed to authenticate the 
request. Make sure the value of Authorization header is formed correctly 
including the signature.
RequestId:775d1220-801a-0183-1c21-813f18000000
Time:2020-09-02T12:06:23.5857168ZThe MAC signature found in the HTTP request 
'ZIDwiCzzRcqJuIUbtGXUSC+jZ1tXgwnyZaIH12FXXXX=' is not the same as any computed 
signature. Server used following string to sign: 'GET
x-ms-date:Wed, 02 Sep 2020 12:06:23 GMT
x-ms-version:2009-09-19
/storageaccount/fileshare
comp:stats
restype:share'.
At line:30 char:15
+ ... harestats = Invoke-RestMethod -method GET -Uri  $URI -Headers $header ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:Htt 
   pWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShe 
   ll.Commands.InvokeRestMethodCommand

Reference : https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key and https://docs.microsoft.com/en-us/rest/api/storageservices/get-share-stats

1
azurepowershell

1 Answers

2
votes

According to the error message, you should remove "x-ms-type:file" and add comp:stats in the stringToSign .

For example

$storageAccount = "andyprivate"
$accesskey = "h4pP1fe76m8hdksFW3TvkO6hgw09Mjue7yJOnULPI/g2eU8LGJ+a6k6SrU6dUkOU77waZfU8CacyVMlTWAUA5A==";
$resource = 'share2'
$version="2017-04-17"

$date = [System.DateTime]::UtcNow.ToString("R",[Globalization.CultureInfo]::InvariantCulture)

$stringToSign = "GET`n`n`n`n`n`n`n`n`n`n`n`n"+
           "x-ms-date:$date`nx-ms-version:$version`n" +
           "/$storageAccount/$resource`ncomp:stats`nrestype:share" 
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Convert]::FromBase64String($accesskey)
$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signature = [Convert]::ToBase64String($signature)

$headers=@{"x-ms-date"=$date;
           "x-ms-version"= $version;
           "Authorization"= "SharedKey $($storageAccount):$signature"
}
$URI = "https://$storageAccount.file.core.windows.net/$($resource)?restype=share&comp=stats"

$response = Invoke-RestMethod $URI -Method 'GET' -Headers $headers -UseBasicParsing

$response

enter image description here