SAS Token not working for FileUpload IoTHub

Question

I'm trying to replicate this https://github.com/Azure/azure-iot-sdk-csharp/blob/main/iothub/device/samples/getting%20started/FileUploadSample/FileUploadSample.cs example to upload a file.

This part works:

        `// Note: GetFileUploadSasUriAsync and CompleteFileUploadAsync will use HTTPS as protocol regardless of the DeviceClient protocol selection.`

Console.WriteLine("Getting SAS URI from IoT Hub to use when uploading the file...");

FileUploadSasUriResponse sasUri = await _deviceClient.GetFileUploadSasUriAsync(fileUploadSasUriRequest);

Uri uploadUri = sasUri.GetBlobUri();

I get a SASURI https://iotdata4ji3sewik5rhw.blob.core.windows.net/iotuploads/<Devicename><DeviceName>%2Ftestfile.txt?access_token=<a very long token>

This fails with a 401:

            `await blockBlobClient.UploadAsync(fileStreamSource, new BlobUploadOptions());`

The error code is:
Exception thrown: 'Azure.RequestFailedException' in System.Private.CoreLib.dll

Azure.RequestFailedException: Server failed to authenticate the request. Please refer to the information in the www-authenticate header.

RequestId:7c978deb-301e-00b1-4be9-bcefbd000000

Time:2024-06-12T16:54:34.5041923Z

Status: 401 (Server failed to authenticate the request. Please refer to the information in the www-authenticate header.)

ErrorCode: NoAuthenticationInformation

Content:

<?xml version="1.0" encoding="utf-8"?><Error><Code>NoAuthenticationInformation</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.

RequestId:7c978deb-301e-00b1-4be9-bcefbd000000

Time:2024-06-12T16:54:34.5041923Z</Message></Error>

Headers:

Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0

x-ms-request-id: 7c978deb-301e-00b1-4be9-bcefbd000000

x-ms-client-request-id: 89aad194-a427-43d0-a97b-3d37370a785b

x-ms-version: 2023-11-03

x-ms-error-code: NoAuthenticationInformation

WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/37051258-66ca-457a-a41d-d94c41705e37/oauth2/authorize resource_id=https://storage.azure.com

Date: Wed, 12 Jun 2024 16:54:34 GMT

Content-Length: 302

Content-Type: application/xml

If I use the url with curl <url> --upload-file <file>, I get this error:
<?xml version="1.0" encoding="utf-8"?><Error><Code>PublicAccessNotPermitted</Code><Message>Public access is not permitted on this storage account.

RequestId:3e93c683-f01e-00dc-70e2-bc5bf6000000

Time:2024-06-12T16:04:31.6909721Z</Message></Error>

If I enable public access for test I get this error:

<?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.

RequestId:bb2b72e3-901e-00da-53e8-bc6849000000

Time:2024-06-12T16:50:46.2661102Z</Message></Error>

But either way BlockBlobClient stays with 401.

Answer 1

I had a similar problem using the python sdk, if you are using system-assigned authentication type, you always get an access token instead of a sas token

If you are going to use it, you should add a bearer authorization header to the blob client before uploading the file, as show in the line 13, this example is for the python sdk and it works

If you can't add the authorization header, you should change the authentication type to key-based to get a sas token

Answer 2

Hello mikefinch87

welcome to this moderated Azure community forum.

Have you enabled the storage account link in the IoT Hub?

An alternative sample is seen in this blog post.

The full example is available on GitHub.

---

If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.