locked
CloudFileShare & GetPermissions = 403 error RRS feed

  • Question

  • Does anyone have any insight on how I can get this working? I'm using a long-term SAS to access the share. Thank you!
    Thursday, May 10, 2018 1:57 PM

All replies

  • When a client provides a SAS URI to Azure Storage as part of a request, the service checks the SAS parameters and signature to verify that it is valid for authenticating the request. If the service verifies that the signature is valid, then the request is authenticated. Otherwise, the request is declined with error code 403 (Forbidden).

    Could you little elaborate the scenario?

    403 Forbidden error is typically caused by authentication failure, please ensure the SAS has enough permission.

    Refer : Best practices when using SAS , Constructing a Service SAS and SAS Error Codes




    • Edited by Sandeep BR Thursday, May 10, 2018 6:16 PM
    Thursday, May 10, 2018 6:16 PM
  • thank you very much for your prompt reply. Here is my code in question; All is well until 

    • var permissions = fileShare.GetPermissions();

    Thanks again!


            static FileHelper()
            {
                StorageAccount = new CloudStorageAccount(new StorageCredentials(SasToken), "account name", "core.windows.net", true);
            }

            private static CloudStorageAccount StorageAccount { get; }

            private const string SasToken = "1 year token";

            public static string GetFile(EnShareType shareType, string filename, string directory = "")
            {
                var fileClient = StorageAccount.CreateCloudFileClient();
                var fileShare = fileClient.GetShareReference("test");

                if (!fileShare.Exists())
                {
                    return string.Empty;
                }

                var rootDirectory = fileShare.GetRootDirectoryReference();

                if (!rootDirectory.Exists())
                {
                    return string.Empty;
                }

                CloudFile cloudFile;

                var directorySpecified = !string.IsNullOrWhiteSpace(directory);

                if (directorySpecified)
                {
                    var fileDirectory = rootDirectory.GetDirectoryReference(directory);

                    if (!fileDirectory.Exists())
                    {
                        return string.Empty;
                    }

                    cloudFile = fileDirectory.GetFileReference(filename);
                }
                else
                {
                    cloudFile = rootDirectory.GetFileReference(filename);
                }

                var sharedPolicy = new SharedAccessFilePolicy
                {
                    Permissions = SharedAccessFilePermissions.Write | SharedAccessFilePermissions.Read |
                                  SharedAccessFilePermissions.List,
                    SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1)
                };

                var permissions = fileShare.GetPermissions();
                //var permissions = new FileSharePermissions();

                var policyName = "fileSharePolicy" + DateTime.UtcNow.Ticks;

                permissions.SharedAccessPolicies.Add(policyName, sharedPolicy);
                fileShare.SetPermissions(permissions);

                var sasToken = cloudFile.GetSharedAccessSignature(null, policyName);
                var fileSasUri = new Uri($"{cloudFile.Uri.AbsoluteUri}{sasToken}");

                return fileSasUri.ToString();
            }

    Thursday, May 10, 2018 6:40 PM
  • Anybody have some feedback. Stuck...
    Friday, May 11, 2018 7:17 PM
  • Can you specifically provide the full error message you are getting ? Also, Are you using the File service rest API ? https://docs.microsoft.com/en-us/rest/api/storageservices/file-service-rest-api

    Could you also try to give us more details on what you are trying to accomplish ? Is is it only accessing a file share ?

    Thanks,
    Adam
    Tuesday, May 15, 2018 9:51 PM