none
CloudBlob time different to DateTime.UtcNow

    Question

  • Hi,

    I have a windows azure service that is trying to generate a shared access signature but it generates the incorrect time.

    var sas = blob.GetSharedAccessSignature(new SharedAccessPolicy()
                {
                    Permissions = SharedAccessPermissions.Read,
                    SharedAccessExpiryTime = DateTime.UtcNow + TimeSpan.FromMinutes(accessWindowMinutes)
                });   


    Using the above code I get the signature of:

    se=2011-12-15T02%3A08%3A31Z&sr=b&sp=r&sig=3LMVRxjJ5qXu322deILMf8hA3aiCi8LKfwAIEmANsx8%3D

    however accessing the blob gives the following error:

    <Error><Code>AuthenticationFailed</Code>
    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:ab4dce20-5629-4839-bb43-7e7d41d50762 Time:2011-12-15T01:08:39.6475705Z
    </Message>
    <AuthenticationErrorDetail>Signature did not match. String to sign used was r2011-12-15T02:08:31Z/REMOVEDADDRESS </AuthenticationErrorDetail></Error>


    It looks like my DateTime.UtcNow gives a different time to what azure is using.

     

    Any help would be greatly appreciated.

    Thursday, December 15, 2011 1:18 AM

Answers

  • Sorry, did not close this thread. This issue was resolved - the problem was that the blob url name had an extra '/' in it when creating the SAS signature causing the auth error.
    Tuesday, February 21, 2012 8:37 AM

All replies

  • Hi, looks like you haven't specified start time. You need to specify SharedAccessStartTime. Note due to clock drift, usually you want to set start time to 1 minute before the current time instead of the current time, so SAS will work immediately.
    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
    Thursday, December 15, 2011 2:15 PM
  • You do not have to provide a start time as it is optional.

    Just curious: does it fail even if you try after some time or does that succeed? Have you verified that the key is correct? If it does not succeed after sometime and your key is correct, we may need your account name and request id. If you can send it to jharidas at microsoft, that will be great. 

     

    Thanks,

    jai

    Thursday, December 15, 2011 3:40 PM
  • Ok, So I've done a further test.

    I've tried what MingXu-MSFT suggested and set the start time as well as the expiration time.

    Now it's starting to look really weird because my time looks like it falls within the valid access window.

     

     

    <Error><Code>AuthenticationFailed</Code>
    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
    RequestId:1bf511a1-c3f2-428d-b5a4-f2c036967c7e
    Time:2011-12-21T04:03:12.3937484Z
    </Message>
    <AuthenticationErrorDetail>Signature did not match. String to sign used was r
    2011-12-21T04:02:59Z
    2011-12-21T05:02:59Z
    /XXXXX/fasttrackresources/reports/-82444/TheWhisper.pdf
    </AuthenticationErrorDetail></Error>
    

     

    Also Jai, I have sent you an email with my service subscription details. Have you got it or should I try to email again?


    • Edited by Kym McGain Wednesday, December 21, 2011 9:54 PM Removed private information
    Wednesday, December 21, 2011 4:12 AM
  • Sorry, did not close this thread. This issue was resolved - the problem was that the blob url name had an extra '/' in it when creating the SAS signature causing the auth error.
    Tuesday, February 21, 2012 8:37 AM