none
Trying to use a SAS on a queue to post a message - Cannot successfully construct client

    Question

  • Using VS 2013, .NET 4.5 target, and WindowsAzureStorageClient from NuGET.

    I have a use case where I want an application to post messages to a specific queue, but I don't want to give the storage account keys out (obviously).

    So I thought I would create a SharedAccessQueuePolicy, apply it to the queue, and then I can give out the SAS key instead.

    To create:

    StorageCredentials sc = new StorageCredentials("account",key);
    CloudStorageAccount csa = new CloudStorageAccount(sc,false);
    CloudQueueClient cqc = new csa.CreateCloudQueueClient();
    CloudQueue q = cqc.GetQueueReference("mailbox");
    
    q.Create();
    SharedAccessQueuePolicy shAPadd = new SharedAccessQueuePolicy()
    {
         Permissions = SharedAccessQueuePermissions.Add,
         SharedAccessExpiryTime = new DateTime(2040,12,31,0,0,0)
    };
    
    QueuePermissions qp = new QueuePermissions();
    qp.SharedAccessPolicies.Add("addKey", shAPadd);
    
    q.SetPermissions(qp);


    To retrieve the key, I use:

    //... using an initialised client as above
    CloudQueue q = cdc.GetQueueReference("mailbox");
    
    string sastoken = q.GetSharedAccessSignature(new SharedAccessQueuePolicy(), "addKey");
    

    Now, in my client, I retrieve sastoken from the configuration settings, and to add a message, the code I have looks like this:

    StorageCredentials sc = new StorageCredentialsSharedAccessSignature(saskey);
    
    CloudQueueClient c = new CloudQueueClient("http://storageaccount.queue.core.windows.net", sc);
    CloudQueue q = c.GetQueueReference("mailbox");
    CloudQueueMessage m = new CloudQueueMessage("Hello World");
    q.AddMessage(m);

    However, I always get an exception thrown in the "new CloudQueueClient(....)" line, the additional information for which reads

    The supplied credentials '{0'} cannot be used to sign request

    That suggests I am obviously doing something wrong, but what is it?

    SteveS


    Steve Spencer

    Thursday, June 12, 2014 4:45 PM

Answers

  • Hi,

    I suggest you read below article, it give us detailed information.

    #http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-2/

    I test this on my side, below is my code using SAS in azure queue.

    Generate a Shared Access Signature URI for a Queue:

        static string GetQuerySasUri(CloudQueue query)
            {
        
                SharedAccessQueuePolicy sasConstraints = new SharedAccessQueuePolicy();
                sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(4);
                sasConstraints.Permissions = SharedAccessQueuePermissions.Add | SharedAccessQueuePermissions.Read | SharedAccessQueuePermissions.Update;
                string sasContainerToken = query.GetSharedAccessSignature(sasConstraints);
                return query.Uri + sasContainerToken;
            }

    Method to Try Queue Operations Using a Shared Access Signature:

        string sas= "https://jamborstorage.queue.core.windows.net/myqueue?sv=2014-02-14&sig=m8fR0Auqo%2FyIDrbPj8BuNbKmeEuD%2Bhw9Yk8HCtEXJeo%3D&se=2014-06-13T11%3A05%3A17Z&sp=rau";
                CloudQueue queue = new CloudQueue(new Uri(sas));
                queue.CreateIfNotExists();
    
                // Create a message and add it to the queue.
                CloudQueueMessage message = new CloudQueueMessage("Hello, World");
                queue.AddMessage(message);

    Hope this help, if you find this doesn't give you any help, please feel free follow up.

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by SteveS_ Friday, June 13, 2014 7:32 AM
    Friday, June 13, 2014 7:13 AM
    Moderator

All replies

  • Hi,

    I suggest you read below article, it give us detailed information.

    #http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-2/

    I test this on my side, below is my code using SAS in azure queue.

    Generate a Shared Access Signature URI for a Queue:

        static string GetQuerySasUri(CloudQueue query)
            {
        
                SharedAccessQueuePolicy sasConstraints = new SharedAccessQueuePolicy();
                sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(4);
                sasConstraints.Permissions = SharedAccessQueuePermissions.Add | SharedAccessQueuePermissions.Read | SharedAccessQueuePermissions.Update;
                string sasContainerToken = query.GetSharedAccessSignature(sasConstraints);
                return query.Uri + sasContainerToken;
            }

    Method to Try Queue Operations Using a Shared Access Signature:

        string sas= "https://jamborstorage.queue.core.windows.net/myqueue?sv=2014-02-14&sig=m8fR0Auqo%2FyIDrbPj8BuNbKmeEuD%2Bhw9Yk8HCtEXJeo%3D&se=2014-06-13T11%3A05%3A17Z&sp=rau";
                CloudQueue queue = new CloudQueue(new Uri(sas));
                queue.CreateIfNotExists();
    
                // Create a message and add it to the queue.
                CloudQueueMessage message = new CloudQueueMessage("Hello, World");
                queue.AddMessage(message);

    Hope this help, if you find this doesn't give you any help, please feel free follow up.

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by SteveS_ Friday, June 13, 2014 7:32 AM
    Friday, June 13, 2014 7:13 AM
    Moderator
  • Many thanks. None of the examples I had seen made it clear that I could instantiate a queue object in that way, hence my confusion.

    Regards

    Steve


    Steve Spencer

    Friday, June 13, 2014 7:33 AM