Blob storage sas token issue

Jaspreet Singh 0 Reputation points

Hi, I am using blob storage and sas token to get blob form my private container I am facing this issue and I am not able to find out why this is happening ?



<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:a33620e3-c01e-0069-5a70-7bf3fd000000 Time:2024-03-21T09:14:34.3552776Z</Message>

<AuthenticationErrorDetail>Signature did not match. String to sign used was r </AuthenticationErrorDetail>


Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,426 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Marcin Policht 10,040 Reputation points MVP

    It appears that the Azure Storage account key you used to generate the token is no longer valid. Regenerate SAS and try again



    0 comments No comments

  2. KarishmaTiwari-MSFT 18,367 Reputation points Microsoft Employee

    @Jaspreet Singh Thanks for posting your query on Microsoft Q&A.

    The AuthenticationFailed error you’re encountering while trying to access a blob using a Shared Access Signature (SAS) token can be caused by several factors. Let’s explore some common reasons and potential solutions:

    1. Incorrect Signature: The error message indicates that the signature did not match. This means that the signature generated in your SAS token does not match the expected value. Double-check the way you’re constructing the SAS token. Ensure that all parameters (account name, container name, blob name, permissions, expiry time, etc.) are correctly included. Verify that the string-to-sign used to generate the signature matches the one expected by the server.
    2. System Time Discrepancy: Make sure that the system time on the machine generating the SAS token is accurate. A significant time discrepancy could lead to authentication failures. If there’s a time difference, regenerate a new SAS token with the correct system time.
    3. Access Level Mismatch: The type of SAS token matters. If you’re trying to list all blobs in a container, you need an Account SAS because it’s an operation at the account level. If you’re accessing a specific blob, use a Service SAS for that blob.
    4. Best Practices: Follow best practices when generating SAS tokens. For example, limit the permissions to the minimum required (read-only, write-only, etc.). Ensure that the SAS token is generated correctly and that the URL includes the token.

    Try these suggestions and let me know the results via comment.

    0 comments No comments