Windows Azure Platform >
CloudBlob time different to DateTime.UtcNow

Answered CloudBlob time different to DateTime.UtcNow

  • Thursday, December 15, 2011 1:18 AM
     
      Has Code
    Sign In to Vote
    0

    Hi,

    I have a windows azure service that is trying to generate a shared access signature but it generates the incorrect time.

    var sas = blob.GetSharedAccessSignature(new SharedAccessPolicy()
            {
                Permissions = SharedAccessPermissions.Read,
                SharedAccessExpiryTime = DateTime.UtcNow + TimeSpan.FromMinutes(accessWindowMinutes)
            });


    Using the above code I get the signature of:

    se=2011-12-15T02%3A08%3A31Z&sr=b&sp=r&sig=3LMVRxjJ5qXu322deILMf8hA3aiCi8LKfwAIEmANsx8%3D

    however accessing the blob gives the following error:

    <Error><Code>AuthenticationFailed</Code>
    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:ab4dce20-5629-4839-bb43-7e7d41d50762
Time:2011-12-15T01:08:39.6475705Z
    </Message>
    <AuthenticationErrorDetail>Signature did not match. String to sign used was r2011-12-15T02:08:31Z/REMOVEDADDRESS
</AuthenticationErrorDetail></Error>


    It looks like my DateTime.UtcNow gives a different time to what azure is using.

     

    Any help would be greatly appreciated.

     

All Replies

  • Thursday, December 15, 2011 2:15 PM
    Moderator
     
     
    Sign In to Vote
    0
    Hi, looks like you haven't specified start time. You need to specify SharedAccessStartTime. Note due to clock drift, usually you want to set start time to 1 minute before the current time instead of the current time, so SAS will work immediately.
    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
     
  • Thursday, December 15, 2011 3:40 PM
     
     
    Sign In to Vote
    0

    You do not have to provide a start time as it is optional.

    Just curious: does it fail even if you try after some time or does that succeed? Have you verified that the key is correct? If it does not succeed after sometime and your key is correct, we may need your account name and request id. If you can send it to jharidas at microsoft, that will be great. 

     

    Thanks,

    jai

     
  • Wednesday, December 21, 2011 4:12 AM
     
      Has Code
    Sign In to Vote
    0

    Ok, So I've done a further test.

    I've tried what MingXu-MSFT suggested and set the start time as well as the expiration time.

    Now it's starting to look really weird because my time looks like it falls within the valid access window.

     

     

    <Error><Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:1bf511a1-c3f2-428d-b5a4-f2c036967c7e
Time:2011-12-21T04:03:12.3937484Z
</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was r
2011-12-21T04:02:59Z
2011-12-21T05:02:59Z
/XXXXX/fasttrackresources/reports/-82444/TheWhisper.pdf
</AuthenticationErrorDetail></Error>

     

    Also Jai, I have sent you an email with my service subscription details. Have you got it or should I try to email again?


    • Edited by Kym McGain Wednesday, December 21, 2011 9:54 PM Removed private information
    •  
     
  • Tuesday, February 21, 2012 8:37 AM
     
     Answered
    Sign In to Vote
    0
    Sorry, did not close this thread. This issue was resolved - the problem was that the blob url name had an extra '/' in it when creating the SAS signature causing the auth error.