Authentication Error when trying to access Storage Queue using service principal programmatically

Punith Kumar 1 Reputation point
2022-02-16T22:50:27.783+00:00

I'm trying to access a storage queue using a service principal programmatically using Spring Boot. Ending up with this error.

com.azure.storage.queue.models.QueueStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
Status code 403, "?<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:...............................
Time:2022-02-16T22:33:18.4506561Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request '............................' is not the same as any computed signature. Server used following string to sign: 'PUT

Wed, 16 Feb 2022 22:33:16 GMT

x-ms-client-request-id:...............................
x-ms-version:2020-10-02

1 answer

  1. shiva patpi 13,171 Reputation points Microsoft Employee
    2022-02-19T02:53:26.45+00:00

    Hello @Punith Kumar ,
    How is the Service Principal getting authenticated with the Storage account? If it is using SAS, there can be many reasons for this error:

    1) It seems there are insufficient SAS permissions, for example, trying to do a write operation with a SAS which only permits read.
    Can you try generating a new SAS key?

    2) Can you kindly ensure that the client request does not include any empty headers when it is being accessed programmatically? If the value of a particular header is empty (or null), the header should be excluded from the request.

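Added example, not part of the thread above and not code from either poster: one way to build a `QueueClient` that authenticates a service principal with a Microsoft Entra token credential, so the request carries a bearer token instead of the shared-key or SAS signature named in the error text. Assumptions: the `azure-identity` and `azure-storage-queue` libraries are on the classpath, the environment variable names and the queue name `example-queue` are placeholders, and the principal holds a queue data role such as Storage Queue Data Contributor on the account.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.queue.QueueClient;
import com.azure.storage.queue.QueueClientBuilder;
import com.azure.storage.queue.models.QueueStorageException;

public class QueueWithServicePrincipal {

    // Fail early on missing configuration instead of sending a request built from empty values.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        // The client secret is read from the environment, never hard-coded in source.
        TokenCredential credential = new ClientSecretCredentialBuilder()
                .tenantId(requireEnv("AZURE_TENANT_ID"))
                .clientId(requireEnv("AZURE_CLIENT_ID"))
                .clientSecret(requireEnv("AZURE_CLIENT_SECRET"))
                .build();

        // STORAGE_ACCOUNT_NAME and "example-queue" are placeholders (assumptions).
        String account = requireEnv("STORAGE_ACCOUNT_NAME");
        QueueClient queue = new QueueClientBuilder()
                .endpoint("https://" + account + ".queue.core.windows.net") // token auth needs HTTPS
                .queueName("example-queue")
                .credential(credential) // TokenCredential: no StorageSharedKeyCredential, no SAS
                .buildClient();

        try {
            queue.sendMessage("hello from a service principal");
        } catch (QueueStorageException e) {
            // Log the HTTP status and the service error code; they separate an
            // authentication or role-assignment problem from a missing queue.
            System.err.printf("status=%d code=%s%n", e.getStatusCode(), e.getErrorCode());
            throw e;
        }
    }
}
```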