locked
403 Error when access Table Storage using SAS token RRS feed

  • Question

  • I have Azure Mobile Service which has a custom API to generate a sas token for accessing Table Storage from Windows Store app.

    I get following error in Windows Store app while accessing table storage using sas token:

    Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

    Example of sas token generated:

    se=2014-09-12T03%3A10%3A00Z&sp=rw&spk=MicrosoftAccount%3A005d92ef08ec5d83081afed1e08641d2&epk=MicrosoftAccount%3A005d92ef08ec5d83081afed1e08641d2&sv=2014-02-14&tn=Folders&sig=91c7S1QM0byNdM80JncwRribXqsWS1iKmOH8cRvHWhQ%3D

    Azure Mobile Services API Code that generates sas token:

    exports.get = function(request, response) {
        var azure = require('azure-storage'); 
        var accountName = 'myAccountName';
        var accountKey = 'myAccountKey';
        var host = accountName + '.table.core.windows.net';
        var tableService = azure.createTableService(accountName, accountKey, host);
    
        var sharedAccessPolicy = { 
            AccessPolicy: {
                Permissions: 'rw', //Read and Write permissions
                Expiry: dayFromNow(1),
                StartPk: request.user.userId,
                EndPk: request.user.userId
            }
        };
        
        var sasToken = tableService.generateSharedAccessSignature('myTableName', sharedAccessPolicy);
       
        response.send(statusCodes.OK, { sasToken : sasToken });
    };
        
    function dayFromNow(days){
        var result = new Date();
        result.setDate(result.getDate() + days);
        return result;
    }

    Windows Store app code that uses sas token:

            public async Task TestSasApi()
            {
                try
                {
                    var tableEndPoint = "https://myAccount.table.core.windows.net";
    
                    var sasToken = await this.MobileService.InvokeApiAsync<Azure.StorageSas>("getsastoken", System.Net.Http.HttpMethod.Get, null);
    
                    StorageCredentials storageCredentials = new StorageCredentials(sasToken);
    
                    CloudTableClient tableClient = new CloudTableClient(new Uri(tableEndPoint), storageCredentials);
    
                    var tableRef = tableClient.GetTableReference("myTableName");
    
                    TableQuery query 
                        = new TableQuery().Where(TableQuery.GenerateFilterCondition("PartitionKey",
                                                QueryComparisons.Equal,
                                                this.MobileService.CurrentUser.UserId));
    
                    TableQuerySegment seg = await tableRef.ExecuteQuerySegmentedAsync(query, null);
    
                    foreach (DynamicTableEntity ent in seg)
                    {
                        string str = ent.ToString();
                    }
                }
                catch (Exception ex)
                {
                    string msg = ex.Message;
                }
            }

    Exception:

    Any help is appreciated.

    Thanks in advance!


    Thanks, Vinod Shinde

    Wednesday, September 10, 2014 4:05 AM

Answers

  • Thanks Vinod for the follow up,

    I actually got mine to work...it was a silly misunderstanding on my side, my issue was that the policy had expired!I had set an expiry for 2days, and i thought that meant that any client who had the token would only be able to use it for 2days but alas, its the policy expiry time on the server it seems! I created the policy again,same name etc, put a new expiry time, and voila, it started working again...

    I did this through .net

    My setup is

    Wp8 calls a service and gets given a SAS

    wp8 then makes a request to Azure Table and gets the necessary data.


    http://nzcrmguy.blogspot.com/ http://nzspguy.blogspot.com/

    • Marked as answer by VinodShinde Tuesday, March 1, 2016 3:01 PM
    Sunday, November 16, 2014 9:48 PM

All replies