Setting up Azure blob container access with a SAS key recently and kept hitting a wall with authentication errors trying to list the container contents. The SAS key had read and list permissions, but even granting full permissions kept coming back with the error
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
I was testing this using PowerShell Get-AzStorageContainer, and this was the problem. Getting the storage container needs a SAS key generated at the storage account level, changing the call to use Get-StorageBlob without specifying a blob name allowed the requests to succeed with the read and list permissions.
Here's the full test code as an example (actual resource names removed)
$storageAccount = "my-storage-account"
$container = "my-container"
$sas = 'sp=rl&st=2024-04-08T04:56:21Z&se=2024-04-08T12:56:21Z&spr=https&sv=2022-11-02&sr=c&sig=sig'
$context = New-AzStorageContext -StorageAccountName $storageAccount -SasToken $sas
# this line fails with a 403 authentication error
#(Get-AzStorageContainer -Context $context -Name ci-finance-samples -)
# this one will succeed and output a list of blobs in the container
Get-AzStorageBlob -Context $context -Container $container
No comments:
Post a Comment