Azure Storage : Unable to access Container blobs with defined Credentials

amsDeveloper 71 Reputation points

We are setting a Key for the Storage Account and then using it to access the contents as below;

var storageCredentials = new StorageCredentials(mediaStorageAccountName, base64EncodedKey);
var storageAccount = new CloudStorageAccount(storageCredentials, true);
var connString = storageAccount.ToString(true);

Then, using the same "storageAccount" to create the Blob Client;

CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

And to get the Container;

var container = blobClient.GetContainerReference(ContainerName);

"storageAccount" Credential properties are "IsSAS" FALSE, "IsSharedKey" TRUE, "IsToken" FALSE and "KeyName" is NULL.

But when the Blob is being accessed with OpenReadAsync, it's failing with the following exception;

The remote server returned an error: (403) Forbidden.,The remote server returned an error: (403) Forbidden. Line number: Microsoft.WindowsAzure.Storage Trace: at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.EndExecuteAsyncT at Microsoft.WindowsAzure.Storage.Blob.CloudBlob.EndExists(IAsyncResult asyncResult) at Microsoft.WindowsAzure.Storage.Core.Util.AsyncExtensions.<>c__DisplayClass2`1.b__0(IAsyncResult ar)

It is basically getting all the references to Container/Blobs etc. correctly (gives correct name), but when it tries to read/download/upload those, it fails.

Also, instead of using the "storageAccount" reference directly, even if it is secured with the following, it gives the same exception;

CloudStorageAccount storageAccount = new CloudStorageAccount(
   new Microsoft.WindowsAzure.Storage.Auth.StorageCredentials(storageAccountName, base64EncodedKey), true);

What is wrong here and how to fix this? Why is KeyName NULL? Is that causing this issue?


4 answers

  1. deherman-MSFT 35,471 Reputation points Microsoft Employee

    @amsDeveloper-1720 Apologies for the delayed response here and any inconvenience this has caused. Oftentimes 403 is seen when authorizing with a shared key because "All authorized requests must include the Coordinated Universal Time (UTC) timestamp for the request." Information about this can be found in Authorize with Shared Key.

    Please don't forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

  2. Sumarigo-MSFT 45,406 Reputation points Microsoft Employee

    @amsDeveloper-1720 Just checking in to see if the above answer helped. If this answers your query, please don’t forget to "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

    Adding some information to @deherman: You can specify the timestamp either in the x-ms-date header, or in the standard HTTP/HTTPS Date header. The storage services ensure that a request is no older than 15 minutes by the time it reaches the service. This guards against certain security attacks, including replay attacks. When this check fails, the server returns response code 403 (Forbidden). Check your server date-time in this scenario.

  3. Thayna Jhana A B Espíndola 1 Reputation point

    Did you find a solution to the problem?


  4. André Santos 1 Reputation point

    After rotating the key, this issue is solved. This problem is bizarre.
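
The 15-minute timestamp check described in the second answer, as an added example that is not part of the thread or of the Azure SDK: it compares the x-ms-date a request carried with the Date header on the 403 response, to separate a clock problem from a key problem such as the one the last answer resolved by rotating the key. The class and method names and the header values are constructed for illustration; the two headers are assumed to come from a captured request/response pair.

```csharp
using System;
using System.Globalization;

static class SharedKeyClockCheck
{
    // Limit quoted in the thread: a request may be no older than 15 minutes.
    static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(15);

    // x-ms-date and Date both use the RFC 1123 format ("r"), always in GMT.
    static DateTimeOffset ParseHttpDate(string value) =>
        DateTimeOffset.ParseExact(value, "r", CultureInfo.InvariantCulture,
                                  DateTimeStyles.AssumeUniversal);

    // Age of the request as the service saw it:
    // response Date header minus the x-ms-date the client signed.
    public static TimeSpan RequestAge(string sentXMsDate, string responseDate) =>
        ParseHttpDate(responseDate) - ParseHttpDate(sentXMsDate);

    public static string Diagnose(int status, string sentXMsDate, string responseDate)
    {
        if (status != 403)
            return "not an authorization failure";

        TimeSpan age = RequestAge(sentXMsDate, responseDate);
        if (age > MaxAge)
            return $"request looked {age.TotalMinutes:F0} min old to the service: " +
                   "client clock is behind, fix the host's time sync";
        if (age < -MaxAge)
            return $"client clock is {(-age).TotalMinutes:F0} min ahead of the service: " +
                   "fix the host's time sync";
        return $"timestamp is inside the 15-minute window (age {age.TotalSeconds:F0}s): " +
               "the clock is not the cause, check which account key is in use";
    }

    static void Main()
    {
        // Constructed sample headers (hypothetical capture, not from the thread).
        // Case 1: client clock about 22 minutes behind the service.
        Console.WriteLine(Diagnose(403, "Tue, 04 Mar 2025 09:40:00 GMT",
                                        "Tue, 04 Mar 2025 10:02:30 GMT"));
        // Case 2: clocks agree, so the 403 has another cause.
        Console.WriteLine(Diagnose(403, "Tue, 04 Mar 2025 10:02:28 GMT",
                                        "Tue, 04 Mar 2025 10:02:30 GMT"));
    }
}
```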