none
SASNetworkError

    Question

  • We are building a web based audio streaming platform for our customer where we use aurora.js and pass it a SAS URL to a file in blob storage.

    Most of the times this is working correctly, but sporadically, when switching between audio files, we start receiving 403 (forbidden) responses. When using Firebug to send the exact same request again, then sometimes it still fails, but sometimes it succeeds.

    The failed response looks like this:

    403 Server failed to authenticate the request. Make sure the value of
    Authorization header is formed correctly including the signature.
    Transfer-Encoding:  chunked Server:  Microsoft-HTTPAPI/2.0
    x-ms-request-id:  <removed>
    access-control-expose-headers: 
    Content-Type,Accept-Ranges,Content-Encoding,Content-Length,Content-Range
    Access-Control-Allow-Origin:  * Date:  Fri, 12 Aug 2016 06:31:58 GMT

    It should be evident that the request itself is formed correctly as sending it a second time often results in a correct response

    After searching around I decided to use Azure Management Studio to extract the log files from the storage account and I managed to find a log which gives an indication of what is going wrong. This is the log line:

    1.0;2016-08-12T10:26:27.7337647Z;GetBlob;SASNetworkError;206;19002;6;sas;;[xxx];blob;"https://[xxx].blob.core.windows.net:443/files/[xxx].flac?sv=2015-04-05&amp;sr=b&amp;si=flacpolicy636065943797947863&amp;sig=XXXXX&amp;sip=[xxx]";"/[xxx]/files/[xxx].flac";8f7d48a3-0001-0017-5983-f499a7000000;0;[xxx]:40690;2015-04-05;637;0;499;0;0;;;"&quot;0x8D35C8CDDD72689&quot;";Monday, 04-Apr-16 13:27:27 GMT;;"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0";"http://[xxx].azurewebsites.net/";

    Does anyone have a clue what might be going wrong?


    • Edited by BartNL1987 Friday, August 12, 2016 10:52 AM
    Friday, August 12, 2016 10:50 AM

Answers

  • I discovered what caused my errors: There's a maximum of 5 named access policies on a container. I was creating a new access policy for each play and registered that under a new name. I solved this by creating a new policy and passing it to the GetSharedAccessSignature call.

    • Marked as answer by BartNL1987 Friday, August 12, 2016 2:11 PM
    Friday, August 12, 2016 2:10 PM