Clever Geek Handbook

Microsoft azure tabletosign authentication

I am having an authentication problem stringtosign

for a pzination azure table request.

This is the current stringtosign

im using:

GET\n\n\nFri, 05 Sep 2014 03:57:11 GMT\n/mystorageaccount/mytablename\nNextPartitionKey:1!20!UmFjZSBNZW1iZXJfNA--\nNextRowKey:1!12!TmFtZV85ODE-

Is there something wrong with this authentication stringtosign

? The rest of the Headers are exactly the same as the Fiddle.

Example

GET /mytablename?NextPartitionKey=1%2120%21UmFjZSBNZW1iZXJfNA--&NextRowKey=1%2112%21TmFtZV85ODE- HTTP/1.1
Host: mystorageaccount.table.core.windows.net
x-ms-version: 2014-02-14
x-ms-date: Fri, 05 Sep 2014 05:49:19 GMT
Authorization: SharedKey mystorageaccount:GD2w4pqsllzIOixNF/AfFqLkZhYzLpjK67a8OI7j6Go=
Accept: application/atom+xml
Accept-Charset: UTF-8
DataServiceVersion: 3.0;NetFx
MaxDataServiceVersion: 3.0;NetFx

I read both

Hello Gaurav Mantri,

It still didn't work. I'll insert the request, my stringtosign and the response below:

GET /mytablename?NextPartitionKey=1%2120%21UmFjZSBNZW1iZXJfNA--&NextRowKey=1%2112%21TmFtZV85ODE- HTTP/1.1
Host: mystorageaccount.table.core.windows.net
x-ms-version: 2014-02-14
x-ms-date: Fri, 05 Sep 2014 07:05:12 GMT
Authorization: SharedKey mystorageaccount:HSYfO1Baadqcd4bQO5Q6uN1hrr2aXtLcQbFPkWgIXuw=
Accept: application/atom+xml
Accept-Charset: UTF-8
DataServiceVersion: 3.0;NetFx
MaxDataServiceVersion: 3.0;NetFx

Signature line:

GET\n\n\nFri, 05 Sep 2014 07:05:12 GMT\n/mystorageaccount/mytablename\nnextpartitionkey:1!20!UmFjZSBNZW1iZXJfNA--\nnextrowkey:1!12!TmFtZV85ODE-

Answer:

<?xml version=\"1.0\" encoding=\"utf-8\"?><m:error xmlns:m=\"http://schemas.microsoft.com/ado/2007/08/dataservices/metadata\"><m:code>AuthenticationFailed</m:code><m:message xml:lang=\"en-US\">Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:37272f11-0002-0014-5aa7-f7dd1c000000
Time:2014-09-05T07:05:09.5720897Z</m:message></m:error>
+3


source to share


1 answer


I had the opportunity to write some code and try it out. Basically when creating a CanonicalizedResource string for table resources, you don't need to include query string parameters other than the comp

querystring parameter . Basically, this is what you will need to follow from the documentation ( http://msdn.microsoft.com/library/azure/dd179428.aspx ):

2009-09-19 Common Lite and Table Format

This format supports Shared Key and Shared Key Lite for all versions of the Table service and Shared Key Lite for the 2009-09-19 version of the Blob and Queue services and 2014-02-14 of the File service. This format is identical to that used in previous versions of the storage service. Construct a CanonicalizedResource string in this format like this:

  • Starting with an empty line (""), add a forward slash (/) followed by the name of the account that owns the access resource.
  • Add resource encoded URI path. If the request URI refers to a resource component, add the appropriate request string. The query string must include a question mark and a comp parameter (e.g.? Comp = metadata). Other parameters should not be included in the query string.

Once you've done that, your code should work fine. Here is some sample code I wrote:

    static void QueryTable()
    {
        var requestMethod = "GET";
        var storageServiceVersion = "2014-02-14";
        var date = DateTime.UtcNow.ToString("R");
        var canonicalizedResource = string.Format("/{0}/{1}", StorageAccount, TableName);
        var stringToSign = string.Format("{0}\n\n\n{1}\n{2}", requestMethod, date, canonicalizedResource);
        var authorizationHeader = GetAuthorizationHeader(stringToSign);
        using (var httpClient = new HttpClient())
        {
            httpClient.BaseAddress = new Uri(TableEndpoint);
            httpClient.DefaultRequestHeaders.Clear();
            httpClient.DefaultRequestHeaders.Add("x-ms-date", date);
            httpClient.DefaultRequestHeaders.Add("x-ms-version", storageServiceVersion);
            httpClient.DefaultRequestHeaders.Add("Authorization", authorizationHeader);

            var result = httpClient.GetAsync(TableName + "?NextPartitionKey=1!48!VXwzMzg0MDAzOWYzMjQ0ZDgxOWZjZmM5M2EyMzNkM2IxOA--&NextRowKey=1!0!");
            result.Wait();
        }
    }

    static string GetAuthorizationHeader(string canonicalizedString)
    {
        var signature = string.Empty;
        using (var hash = new HMACSHA256(Convert.FromBase64String(StorageAccountKey)))
        {
            var data = Encoding.UTF8.GetBytes(canonicalizedString);
            signature = Convert.ToBase64String(hash.ComputeHash(data));
        }

        return string.Format(CultureInfo.InvariantCulture, "{0} {1}:{2}", "SharedKey", StorageAccount, signature);
    }


Based on the documentation here: http://msdn.microsoft.com/library/azure/dd179428.aspx (2009-09-19 Public Key Format Section # 4), you need to convert all query parameters to lowercase . So your canonicalized resource string should be:

GET\n\n\nFri, 05 Sep 2014 03:57:11 GMT\n/mystorageaccount/mytablename\nnextpartitionkey:1!20!UmFjZSBNZW1iZXJfNA--\nnextrowkey:1!12!TmFtZV85ODE-

Try it. This should take care of the problem. Business>

+2


source






More articles:


All Articles