locked
Customer has enabled "FIPS" mode in the server. Due to this our application is unable to download the evidence from blob storage RRS feed

  • Question

  • Problem statement: 
    Customer has enabled "FIPS" mode in the server. Due to this our application is unable to download the evidence from blob storage.

    Issue:
     Exception Type:Microsoft.WindowsAzure.Storage.StorageException
                 Exception Message:Exception has been thrown by the target of an invocation.
                 Additional Info:Microsoft.WindowsAzure.Storage.StorageException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException:
      This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
       at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
       --- End of inner exception stack trace ---
      


    resolution:
    We tried using Microsoft.Azure.Storage.Blob.dll, but still same issue.

    How to resolve this encryption issue ?
    Friday, March 20, 2020 8:04 AM

Answers

  • @sumanth,

    sorry for the delay. We have added the below fix for the issue. It is working now.

    Fix : Below code snippet is added before making call to DownloadToFile method.

    var blobRequestOptions = new BlobRequestOptions

    {

           DisableContentMD5Validation = true

    };

    destBlob.DownloadToFile(destPath, FileMode.Create,null, blobRequestOptions);

    Friday, May 8, 2020 5:31 AM

All replies

  • @Pokkireddy  For better understanding : Can you bit elaborate more on the issue? What exactly are you trying to perform? How are you trying to download data from blob storage?
    If you are getting any error message or error code, please do share the screen shot? 

    My guess is that the error happens because MD5 is not part of FIPS and you are using MD5 to compute the hash of the block being uploaded/downloaded.

    Can you try Azcopy to downloaded and let me know the status.

    Additional information: FIPS is not recommended now per: https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.
    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members

    Friday, March 20, 2020 8:31 AM
  • Can you bit elaborate more on the issue?

    We are using windows service application which is used to connect azure government site and

    download the evidence to on-premises server.

    How are you trying to download data from blob storage? -- Please refer the code.
    If you are getting any error message or error code, please do share the screen shot?

    Refer the above comment for error message. we are not getting any error code.

    we are not using MD5 to compute the hash. i think Microsoft.Azure.Storage.Blob.dll is using this MD5 ?

    i will try with azcopy and let u know.

    How to fix this issue ?

    Below is the sample code used.

    Microsoft.Azure.Storage.Blob.dll //namespace StorageCredentials storageCred = new StorageCredentials(AzureUserName, AzurePassword); CloudStorageAccount cloudStorage = new CloudStorageAccount(storageCred, endpoint, useHttps: true); CloudBlobClient blobClient = cloudStorage.CreateCloudBlobClient(); CloudBlobContainer blobContainer = blobClient.GetContainerReference(destContainer); This method will return blobcontainer and value is stored in destBlob CloudBlockBlob destBlob = azUtility.GetCloudBlobContainer(AzConnString, AzurePassword, endpoint, driveInfo.Drive).GetBlockBlobReference(file.EntityPath + "/" + file.FileName); destBlob.DownloadToFile(destPath, FileMode.Create); Error occurred in destBlob.DownloadToFile((destPath, FileMode.Create) method


    Friday, March 20, 2020 9:17 AM
  • @Pokkireddy Sure! Thanks for the update.

    Please check with the AZCOPY and let me know the status 

    Friday, March 20, 2020 5:58 PM
  •  @Pokkireddy Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Monday, March 23, 2020 5:32 AM
  •  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Wednesday, April 1, 2020 6:42 AM
  • @Pokkireddy Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Tuesday, April 7, 2020 5:25 AM
  • @sumanth,

    sorry for the delay. We have added the below fix for the issue. It is working now.

    Fix : Below code snippet is added before making call to DownloadToFile method.

    var blobRequestOptions = new BlobRequestOptions

    {

           DisableContentMD5Validation = true

    };

    destBlob.DownloadToFile(destPath, FileMode.Create,null, blobRequestOptions);

    Friday, May 8, 2020 5:31 AM
  • Glad to hear that issue got fixed. Appreciate for sharing the steps which helped you, this would certainly benefit other community members

    Friday, May 8, 2020 7:03 AM