Geek Answers Handbook

Windows Azure REST Api Authentication Tables

I'm having authentication issues when trying to access my Windows Azure storage account through REST Api.

I read the following resources to determine how to generate the request:

http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx

http://convective.wordpress.com/2010/08/18/examples-of-the-windows-azure-storage-services-rest-api/

Azure Blob Service REST API returns error 403: "Request header request not specified"

In my opinion, the request contains only 4 variables: Actual URI for determining the service endpoint, Current date in GMT Primary access key Account name.

I have the first two of the MSDN resources, and the other two are on my Windows Azure Portal.

GET http://<account_name>.table.core.windows.net/ HTTP/1.1 x-ms-date: Sun, 24 Feb 2013 09:19:31 GMT x-ms-version: 2009-09-19 Authorization: SharedKey <account_name>:<primary_key> Accept-Charset: UTF-8 Accept: application/atom+xml,application/xml DataServiceVersion: 1.0;NetFx MaxDataServiceVersion: 1.0;NetFx Host: <account_name>.table.core.windows.net

I have verified that the account name and primary key are correct and that the x-ms datestamp is within 15 minutes based on the suggestion from another message.

I get the following answer:

 HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. Content-Length: 437 Content-Type: application/xml Server: Microsoft-HTTPAPI/2.0 x-ms-request-id: d78c2c11-8699-4737-9592-82813eac356e Date: Sun, 24 Feb 2013 21:20:03 GMT <?xml version="1.0" encoding="utf-8" standalone="yes"?> <error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"> <code>AuthenticationFailed</code> <message xml:lang="en-US">Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:d78c2c11-8699-4737-9592-82813eac356e Time:2013-02-24T21:20:03.2036675Z</message> </error>

Any suggestions for fixing the authentication request properly?

In addition, I was able to download the Azure Storage Explorer utility and access this service so that I knew that the storage account was valid and working.

+4
source share
5 answers

After several searches, I found the following articles:

The main conclusion is that SharedKeyLite should be used for this type of request.

On resource # 1, he says:

The table service requires that each request be authenticated. Authentication with shared key and shared key Lite is supported. Shared-key authentication is more secure and recommended for queries against the table service using the REST API. The Microsoft.NET Client Library for WCF Data Services only supports Shared Key Lite authentication.

One resource # 2 explains how to create a ShareKeyLite and below:

Since SharedKey is more reliable than SharedKeyLite, this would be an obvious choice. However, we still need the SharedKeyLite scheme to access the development table repository, as it is the only one it accepts. (Starting with the July Windows Azure CTP SDK.)

+4
source

I had the same problem. I also downloaded the Azure Storage Explorer utility. And I used the Fiddler Web Debugger to view requests from utitlity to azure. The queries were as follows:

 GET http://mystorageaccount.table.core.windows.net/Tables() HTTP/1.1 User-Agent: Microsoft ADO.NET Data Services DataServiceVersion: 1.0;NetFx MaxDataServiceVersion: 2.0;NetFx x-ms-version: 2009-09-19 x-ms-date: Tue, 26 Feb 2013 07:18:04 GMT Authorization: SharedKeyLite mystorageaccount:mystorageaccountkey Accept: application/atom+xml,application/xml Accept-Charset: UTF-8 Host: mystorageaccount.table.core.windows.net
+1
source

I got here for the same AuthenticationFailed error. For the table service, this error does not provide any details. Only with a trial version and an error and viewing code fragments from another network and making differences with what I have is a way to debug this.

For the blob service, I saw the errors that I mentioned - the server computed StringToSign (with value) and stringToSign from the signature do not match. This helped me fix the code that computes the authentication header.

more detailed information along with the error code in the rest api will always help the developer.

Returning to this problem, the problem was that instead of the Date header, the x-ms-date header was required. Thus, the error code was inappropriate.

For winjs windows store application. The working code looked something like this:

 var url = 'https://<storageaccount>.table.core.windows.net/<table name>()'; var date = new Date().toGMTString().replace('UTC', 'GMT'); var xhrOptions = { type: 'GET', url: url, headers: { // Date: date, // does not work and raises AuthenticationFailed error 'x-ms-date' : date, // works 'Content-Type': 'application/atom+xml', 'x-ms-version': '2009-09-19', DataServiceVersion: '1.0;NetFx', MaxDataServiceVersion: '1.0;NetFx', }, }; xhrOptions.headers.Authorization = computeAuthorizationHeader(xhrOptions);
+1
source

The authorization string must be signed in accordance with this specification http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx

In particular, the section of your heading that reads

 <primary_key>

There should be a conclusion of something like

 Base64(HMAC_SHA256(UTF8("<primary_key>"),UTF8("VERB\n\n\nDATE\nRESOURCE")))
0
source

You can use the solution mentioned here.

It is worth mentioning when you access the azure table "Shared Key", and in the case of "Blob" is used "SharedKey Lite"

http://social.msdn.microsoft.com/Forums/en-US/windowsazureconnectivity/thread/84415c36-9475-4af0-9f52-c534f5681432

And also remember one thing, if you work behind a proxy server, just make sure that the port is not blocked. If some ports are blocked, there will be no response from the azure window.

0
source

More articles:


All Articles