locked
Signature did not match. String to sign used was r 2014-05-22T20:48:00Z 2014-05-22T20:51:00Z RRS feed

  • Question

  • Trying to Construct a Shared Access Signature URI for a Blob access in a container

    I am getting the following exception below

    <?xml version="1.0" encoding="UTF-8"?>

    <Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:e424e1ac-fd96-4557-866a-992fc8c41841 Time:2014-05-22T18:46:15.3436786Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was r 2014-05-22T18:45:06Z 2014-05-22T18:48:06Z /legalzoom/501362787/State.SearchResults.pdf twominutepolicy 2013-08-15 </AuthenticationErrorDetail></Error>

    This works perfectly fine when I use Windows Azure Storage reference

    //Generate the shared access signature on the blob.

    string sasBlobToken = blob.GetSharedAccessSignature(sharedPolicy, "twominutepolicy");

    Only when I  use Shared Access Signature URI  , using  StringToSign option I getting the following exception above.

    Article: Using Version 2013-08-15

    http://msdn.microsoft.com/en-US/library/azure/dn140255.aspx

    CODE SNIPPET:

           BlobHelper BlobHelper = new BlobHelper(StorageAccount, StorageKey);
            string signature = "";

            string signedstart = DateTime.UtcNow.AddMinutes(-1).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");
            string signedexpiry = DateTime.UtcNow.AddMinutes(2).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");

            //// SET CONTAINER LEVEL ACCESS POLICY
            string accessPolicyXml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
                                   "<SignedIdentifiers>\n" +
                                   "  <SignedIdentifier>\n" +
                                   "    <Id>twominutepolicy</Id>\n" +
                                   "    <AccessPolicy>\n" +
                                   "      <Start>" + signedstart + "</Start>\n" +
                                   "      <Expiry>" + signedexpiry + "</Expiry>\n" +
                                   "      <Permission>r</Permission>\n" +
                                   "    </AccessPolicy>\n" +
                                   "  </SignedIdentifier>\n" +
                                   "</SignedIdentifiers>\n";


            BlobHelper.SetContainerAccessPolicy("501362787", "container", accessPolicyXml));

            string canonicalizedresource = "/legalzoom/501362787";


            string StringToSign = String.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}",
                    "r",
                    signedstart,
                    signedexpiry,
                    canonicalizedresource,
                    "twominutepolicy",
                    "2013-08-15",
                    "rscc",
                    "rscd",
                    "rsce",
                    "rscl",
                    "rsct"
                    );

     


            using (HMACSHA256 hmacSha256 = new HMACSHA256(Convert.FromBase64String(StorageKey)))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));

            }
        
            StringBuilder sasToken = new StringBuilder();

            sasToken.Append(BlobHelper.DecodeFrom64(e.Item.ToolTip).ToString().Replace("http","https") + "?");

            //signedversion
            sasToken.Append("sv=2013-08-15&");
           
            sasToken.Append("sr=b&");
            //
            sasToken.Append("si=twominutepolicy&");
            sasToken.Append("sig=" + signature + "&");
            //
            sasToken.Append("st=" + HttpUtility.UrlEncode(signedstart).ToUpper() + "&");
            //
            sasToken.Append("se=" + HttpUtility.UrlEncode(signedexpiry).ToUpper() + "&");
            //
            sasToken.Append("sp=r");

            string url = sasToken.ToString();

    Any help appreciated.

    Seetha

    Thursday, May 22, 2014 9:28 PM

All replies

  • Hi,

    This works perfectly fine when I use Windows Azure Storage reference, Which operation have you done? When you encountered error, which operation are you doing? Please feel free to let me know.

    Regards

    Friday, May 23, 2014 2:21 PM
  • I am trying to do

    Shared Access Signatures  Operation  by  Constructing the Signature String and build a URL for accessing a Blob for given period of time

    example I was looking at is below, based on that I wrote the above code

     http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx

      Version 2013-08-15
    StringToSign = signedpermissions + "\n"
                   signedstart + "\n"
                   signedexpiry + "\n"
                   canonicalizedresource + "\n"
                   signedidentifier + "\n"
                   signedversion + "\n"
                   rscc + "\n"
                   rscd + "\n"
                   rsce + "\n"
                   rscl + "\n"
                   rsct

     

    I had achieved the Shared Access Signature by referring Azure Storage Objects like the following below

     public static string GetSasUrl(CloudBlobContainer container, string fileName)
     {
                //Get the container's existing permissions.
                BlobContainerPermissions permissions = new BlobContainerPermissions();

                // The public access setting explicitly specifies that the container is private,
                // so that it can't be accessed anonymously.
                permissions.PublicAccess = BlobContainerPublicAccessType.Off;


                permissions.SharedAccessPolicies.Clear();
                permissions.SharedAccessPolicies.Add("twominutepolicy", new SharedAccessBlobPolicy());
                container.SetPermissions(permissions);

                SharedAccessBlobPolicy sharedPolicy = new SharedAccessBlobPolicy()
                {
                    SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-1),
                    SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(2),
                    Permissions = SharedAccessBlobPermissions.Read
                };

                //Get a reference to a blob within the container.
                CloudBlockBlob blob = container.GetBlockBlobReference(fileName);

                //Generate the shared access signature on the blob.
                string sasBlobToken = blob.GetSharedAccessSignature(sharedPolicy, "twominutepolicy");

                //Return the URI string for the container, including the SAS token.
                return sasBlobToken;
    }

    In above code I didn't refer any Azure objects but I am trying use StringToSign and 

           using (HMACSHA256 hmacSha256 = new HMACSHA256(Convert.FromBase64String(StorageKey)))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));

            }

    to return a Token , and build URL for accessing a blob, but its throwing an exception as mentioned above.


    seetharam_75@hotmail.com

    Friday, May 23, 2014 5:51 PM