SAS Token not working for FileUpload IoTHub

mikefinch87 115 Reputation points
2024-06-12T17:16:40.47+00:00

I'm trying to replicate this https://github.com/Azure/azure-iot-sdk-csharp/blob/main/iothub/device/samples/getting%20started/FileUploadSample/FileUploadSample.cs example to upload a file.

This part works:

        `// Note: GetFileUploadSasUriAsync and CompleteFileUploadAsync will use HTTPS as protocol regardless of the DeviceClient protocol selection.`

Console.WriteLine("Getting SAS URI from IoT Hub to use when uploading the file...");

FileUploadSasUriResponse sasUri = await _deviceClient.GetFileUploadSasUriAsync(fileUploadSasUriRequest);

Uri uploadUri = sasUri.GetBlobUri();

I get a SASURI https://iotdata4ji3sewik5rhw.blob.core.windows.net/iotuploads/<Devicename><DeviceName>%2Ftestfile.txt?access_token=<a very long token>

This fails with a 401:

            `await blockBlobClient.UploadAsync(fileStreamSource, new BlobUploadOptions());`

The error code is:
Exception thrown: 'Azure.RequestFailedException' in System.Private.CoreLib.dll

Azure.RequestFailedException: Server failed to authenticate the request. Please refer to the information in the www-authenticate header.

RequestId:7c978deb-301e-00b1-4be9-bcefbd000000

Time:2024-06-12T16:54:34.5041923Z

Status: 401 (Server failed to authenticate the request. Please refer to the information in the www-authenticate header.)

ErrorCode: NoAuthenticationInformation

Content:

<?xml version="1.0" encoding="utf-8"?><Error><Code>NoAuthenticationInformation</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.

RequestId:7c978deb-301e-00b1-4be9-bcefbd000000

Time:2024-06-12T16:54:34.5041923Z</Message></Error>

Headers:

Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0

x-ms-request-id: 7c978deb-301e-00b1-4be9-bcefbd000000

x-ms-client-request-id: 89aad194-a427-43d0-a97b-3d37370a785b

x-ms-version: 2023-11-03

x-ms-error-code: NoAuthenticationInformation

WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/37051258-66ca-457a-a41d-d94c41705e37/oauth2/authorize resource_id=https://storage.azure.com

Date: Wed, 12 Jun 2024 16:54:34 GMT

Content-Length: 302

Content-Type: application/xml

If I use the url with curl <url> --upload-file <file>, I get this error:
<?xml version="1.0" encoding="utf-8"?><Error><Code>PublicAccessNotPermitted</Code><Message>Public access is not permitted on this storage account.

RequestId:3e93c683-f01e-00dc-70e2-bc5bf6000000

Time:2024-06-12T16:04:31.6909721Z</Message></Error>

If I enable public access for test I get this error:

<?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.

RequestId:bb2b72e3-901e-00da-53e8-bc6849000000

Time:2024-06-12T16:50:46.2661102Z</Message></Error>

But either way BlockBlobClient stays with 401.

Azure IoT
Azure IoT
A category of Azure services for internet of things devices.
401 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,933 questions
Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
1,203 questions
Azure IoT SDK
Azure IoT SDK
An Azure software development kit that facilitates building applications that connect to Azure IoT services.
223 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,029 questions
{count} vote

Accepted answer
  1. Antonio Toga 95 Reputation points
    2024-06-13T15:09:51.99+00:00

    I had a similar problem using the python sdk, if you are using system-assigned authentication type, you always get an access token instead of a sas token

    Screenshot 2024-06-13 095601

    If you are going to use it, you should add a bearer authorization header to the blob client before uploading the file, as show in the line 13, this example is for the python sdk and it works
    User's image

    If you can't add the authorization header, you should change the authentication type to key-based to get a sas token

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Sander van de Velde | MVP 33,141 Reputation points MVP
    2024-06-12T17:46:40.08+00:00

    Hello mikefinch87

    welcome to this moderated Azure community forum.

    Have you enabled the storage account link in the IoT Hub?

    An alternative sample is seen in this blog post.

    The full example is available on GitHub.


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.