locked
Getting 403 Authorization header issue with Signature with Azure Free Trail storage account RRS feed

  • Question

  • Hi All,

    I am new to Azure service. I have created a Azure storage account and created a public container.

    I tried to upload a BlockBlob using HTTP PUT. To create the authorization header it is asking me to input secretKey for HMAC signature signing. What is the secretKey? Is it a  PRIMARY ACCESS KEY or SECONDARY ACCESS KEY of my storage account ? or my account password?

    And what is the x-ms-version for my Trail storage account and where to find it?

    I always get 403 HTTP error complaining about signed authorization signature invalid. Where to find the sample for my trail storage account?

    Here is the error- "403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature"

    Please help me in getting the solutions.

    Here is the java code I am using to construct the auth signature.

    ---------------------------------------------------------------

    public String sign(String stringToSign, String accessKey){

    //Generate Signed context           
    SecretKey hmacKey = new SecretKeySpec(accessKey.getBytes(), "hmacSHA256");
    Mac mac = Mac.getInstance("hmacSHA256");
    mac.init(hmacKey);

    byte[] digest=mac.doFinal(stringToSign.getBytes("UTF8"));

    String encodedStringToSign = new String(Base64.encodeBase64(digest));

    System.out.println(" encodedStringToSign-->" + encodedStringToSign);
    return encodedStringToSign;

      }
     catch (  Exception e) {
    throw new IllegalArgumentException("accessKey",e);
      }
    }

    ----------------------------------------------------------------

       Thanks,

    Sanjay




    • Edited by Sanjay-K Monday, August 31, 2015 2:43 AM
    Monday, August 31, 2015 2:23 AM

All replies

  • Hi there,

    Handing out the access key for a storage account is not a recommended approach, depending where the code runs. The secondary access key is only there for rotating keys (so you always have one active and on that can be changed).

    If you have clients wanting to upload to azure storage blobs you should use Shared Access Signatures. With these you can manage access right to the storage.

    Are you using the storage clients available for JAVA? These greatly simplify writing code that uses Azure storage and include retry logic etc.


    Please mark answered question as anwered to let others know about it.




    Monday, August 31, 2015 9:26 AM
  • Thanks Valery for replying to my questions.

    We are using Azure Storage service Blob REST API from TIBCO with HTTP Request.

    This REST API need HTTP Authorization. To create authorization signature I am following below link.

    https://msdn.microsoft.com/en-us/library/azure/dd179428.aspx

    And PutBlob API

    https://msdn.microsoft.com/en-us/library/dd179451.aspx

    So when I create the Auth signature it is complaining that my signature is not valid.

    Monday, August 31, 2015 3:34 PM