Blob storage sas token issue

Jaspreet Singh 0 Reputation points
2024-03-21T11:34:57.92+00:00

Hi, I am using blob storage and sas token to get blob form my private container I am facing this issue and I am not able to find out why this is happening ?

<Error>

<Code>AuthenticationFailed</Code>

<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:a33620e3-c01e-0069-5a70-7bf3fd000000 Time:2024-03-21T09:14:34.3552776Z</Message>

<AuthenticationErrorDetail>Signature did not match. String to sign used was r </AuthenticationErrorDetail>

</Error>

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,972 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Marcin Policht 27,655 Reputation points MVP
    2024-03-21T19:14:33.6933333+00:00

    It appears that the Azure Storage account key you used to generate the token is no longer valid. Regenerate SAS and try again


    hth

    Marcin

    0 comments No comments

  2. KarishmaTiwari-MSFT 20,217 Reputation points Microsoft Employee
    2024-03-23T02:06:20.7166667+00:00

    @Jaspreet Singh Thanks for posting your query on Microsoft Q&A.

    The AuthenticationFailed error you’re encountering while trying to access a blob using a Shared Access Signature (SAS) token can be caused by several factors. Let’s explore some common reasons and potential solutions:

    1. Incorrect Signature: The error message indicates that the signature did not match. This means that the signature generated in your SAS token does not match the expected value. Double-check the way you’re constructing the SAS token. Ensure that all parameters (account name, container name, blob name, permissions, expiry time, etc.) are correctly included. Verify that the string-to-sign used to generate the signature matches the one expected by the server.
    2. System Time Discrepancy: Make sure that the system time on the machine generating the SAS token is accurate. A significant time discrepancy could lead to authentication failures. If there’s a time difference, regenerate a new SAS token with the correct system time.
    3. Access Level Mismatch: The type of SAS token matters. If you’re trying to list all blobs in a container, you need an Account SAS because it’s an operation at the account level. If you’re accessing a specific blob, use a Service SAS for that blob.
    4. Best Practices: Follow best practices when generating SAS tokens. For example, limit the permissions to the minimum required (read-only, write-only, etc.). Ensure that the SAS token is generated correctly and that the URL includes the token.

    Try these suggestions and let me know the results via comment.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.