How to get azure ad token for Azure Storage file share rest api

samer singh 21 Reputation points
2020-08-31T10:44:47.23+00:00

I have below script which I am trying but getting error

$secret = '*****'
$clientID = '********'
$DirectoryID = '*********'

function getBearer([string]$TenantID, [string]$ClientID, [string]$ClientSecret)
{
$TokenEndpoint = {https://login.windows.net/{0}/oauth2/token?api-version=2018-03-28} -f $TenantID
$ARMResource = "https://storage.azure.com/"
$Body = @{
'resource'= $ARMResource
'client_id' = $ClientID
'grant_type' = 'client_credentials'
'client_secret' = $ClientSecret
}

$params = @{
ContentType = 'application/x-www-form-urlencoded'
Headers = @{'accept'='application/json'}
Body = $Body
Method = 'Post'
URI = $TokenEndpoint
}

$token = Invoke-RestMethod @params

Return "Bearer " + ($token.access_token).ToString()
}

$authResult = getBearer -TenantID $DirectoryID -ClientID $clientID -ClientSecret $secret

$authHeader = @{
'Content-Type'='application/json'
'Accept'='application/json'
'Authorization'= "$authResult"
'x-ms-version' = '2018-03-28'
'Date' = "$(get-date)"
}

$request = "https://Storageaccount.file.core.windows.net/Fileshare?restype=share&comp=stats"

$GetFileShareStatss = Invoke-RestMethod -Uri $request -Headers $authHeader -Method Get

Error : Invoke-RestMethod : AuthenticationFailedServer failed to authenticate the
request. Make sure the value of Authorization header is formed correctly
including the signature.
RequestId:28ef36b0-e01a-009f-3280------------
Time:2020-08-31T10:24:29.4577314ZAuthentication scheme Bearer is not supported.
At line:44 char:23

  • ... areStatss = Invoke-RestMethod -Uri $request -Headers $authHeader -Met ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:Htt
    pWebRequest) [Invoke-RestMethod], WebException
  • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShe
    ll.Commands.InvokeRestMethodCommand

Azure storage share rest api : https://learn.microsoft.com/en-us/rest/api/storageservices/get-share-stats

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,213 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,871 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. soumi-MSFT 11,761 Reputation points Microsoft Employee
    2020-08-31T15:10:35.467+00:00

    @samer singh , Thank you for reaching out. It looks like something not correct with the $authHeader. I tried debugging this script and I found that we are not even getting a token.

    I am sharing a similar script as an attachment to this response, please try to use that and check if you can get this working.
    Note: The script attached uses graph api call. Please do make the necessary changes and update the API to Azure storage API.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    21603-client-credentialflow-apicall.txt