@Thangavel Daniel Tamilarasan As per the error HTTP/1.1 401 SubCode=40104: Invalid authorization token audience your request failed as the audience was invalid for the SAS token. The reason could be that when you generate the stringToSign with the resourceUri along with the keyName and key then it will only target to a particular audience that is at the entity level (queue/topic/subscription) but you might be using this SAS token for other queues/topic/subscription for which it is invalid or you are performing other operation (like send etc.) and your SAS token doesn't have that permission for that operation. I will suggest you to verify if this is not the case in your scenario.
private static string createToken(string resourceUri, string keyName, string key)
{
TimeSpan sinceEpoch = DateTime.UtcNow - new DateTime(1970, 1, 1);
var week = 60 * 60 * 24 * 7;
var expiry = Convert.ToString((int)sinceEpoch.TotalSeconds + week);
string stringToSign = HttpUtility.UrlEncode(resourceUri) + "\n" + expiry;
using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key)))
{
var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
var sasToken = String.Format(CultureInfo.InvariantCulture, "SharedAccessSignature sr={0}&sig={1}&se={2}&skn={3}", HttpUtility.UrlEncode(resourceUri), HttpUtility.UrlEncode(signature), expiry, keyName);
return sasToken;
}
}
If you have generated the token correctly for the right entity and operation then I will suggest you to share your sample code to reproduce the issue so I can review it at my end. I have used the above code that only has send permission for a particular queue.