Asked by:
Can not login into my server

Question
-
Hi
I created my own server in Azure couple of weeks ago. I have put MySql database on it and i was able to login into it and add tables and insert things into these tables. But now, for some reason im unable to log in (im using same login and password) and im getting this message: "The X-CSRF-Signature header could not be validated.". I dont understand why, can someone explain me this?. Thank you for answers. I have free version of azure.
All replies
-
-
Hi
I don't think it is a problem. I was able to change my database before, then I left it for a week and then im unable to edit tables from azure site. I can however chage my database using Microsoft SQL Server Management Studio 18 and using the same login and password. Also i want to add that i only have one server and one database on it with no tables thats all
-
Hi,
Apologies for the delay. For a deeper investigation and immediate assistance on this issue, if you have a support plan you may file a support ticket, else could you send an email to AzCommunity @ Microsoft dot com with the below details, we would like to work closer with you on this matter.
Thread URL:
Subscription ID: -
-
Hi Tadude
This header is created and validated to prevent a certain type of attack against Azure SQL Servers. Specifically, some web browsers can save your passwords which might then allow an attacker who doesn’t know the password to issue queries using the remembered password. In order to prevent this type of attack, known as Cross Site Request Forgery (CSRF), Azure attach this little bit of extra data, called the “CSRF Signature”. This signature proves that the credentials were known at the time of the request, not just remembered by the browser.
This security mechanism requires that your clocks are synchronized to within 5 minutes of our servers, to prevent replay attacks with old CSRF signatures.
Please ensure that your clock is set to the correct time, as this is the most likely cause for the error message you observed.
Thanks
Navtej S -
-
Hi
One of the customers completed an experiment and found the issue is with Proxy connection interaction with TLS.
Here are the results:
Also the product team is aware of the issue and will try to fix this by end of Sept 2019.
Thanks
Navtej S -
Hi
The issue was coming when customer use proxy network to open the portal and when TLS enabled.
The issue is caused by a code bug, when signing X-CSRF Azure was using list of headers that was sent from customer and on Azure side it was checked again that list is the same. But some of the proxies and browsers can delete some of the request headers, so PG team deleted one of the request headers that was redundant and was sometimes cleaned by proxy or browser. The product group developers have made code fix for this issue and the fix will be deployed worldwide soon.
So if the issue has resolved for you, please mark this reply as an answer so it can help other users.
Thanks
Navtej S