Share via

Authentication Error when trying to access Storage Queue using service principal programatically

Punith Kumar 1 Reputation point
2022-02-16T22:50:27.783+00:00

I'm trying to access storage queue using service principal programatically using spring boot . Ending up with this error.

com.azure.storage.queue.models.QueueStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
Status code 403, "?<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:...............................
Time:2022-02-16T22:33:18.4506561Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request '............................' is not the same as any computed signature. Server used following string to sign: 'PUT

Wed, 16 Feb 2022 22:33:16 GMT

x-ms-client-request-id:...............................
x-ms-version:2020-10-02

Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,537 questions
Azure Queue Storage
Azure Queue Storage
An Azure service that provides messaging queues in the cloud.
114 questions
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. shiva patpi 13,366 Reputation points Microsoft Employee Moderator
    2022-02-19T02:53:26.45+00:00

    Hello @Punith Kumar ,
    How is the Service Principal getting authenticated with Storage account? If that is using SAS - There can be many reasons for this error:

    1) It seems there are Insufficient SAS Permissions. For example , trying to do a write operation with a SAS which only permits read
    Can you try generating the new SAS key ?

    2) Can you kindly ensure that the client request does not include any empty headers when it is being access programmatically. If the value of a particular header is empty (or null), the header should be excluded from the request.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.