Sunday, October 30, 2022

[SOLVED] How does header for anonymous request to Azure blob storage look like

Issue

I am new to Azure and I am trying to use cURL to get the list of items inside my Azure blobe. I have configured anonymous read acces to blobs rel="nofollow noreferrer">enter image description here

However when I am running this request: curl -X GET -H "x-ms-version:2021-08-06" -H "x-ms-date:$(date -Ru | sed 's/\+0000/GMT/')" https://name.blob.core.windows.net/name2 I get: Server failed to authenticate the request. Please refer to the information in the www-authenticate header

I tried to add "Authorization:Basic" or "Authorization:Anonumous" but that does not work.

I have also tried other way with SAS token URL enter image description here

So then my request looks like this: curl -X GET -H "x-ms-version:2021-08-06" -H "x-ms-date:$(date -Ru | sed 's/\+0000/GMT/')" 'https://name.blob.core.windows.net/name2?sp=r&st=2022-10-12T19:53:09Z&se=2022-10-13T03:53:09Z&skoid=c49c35ef-99c7-49c5-835b-92418a2ccdb6&sktid=b1404f36-3c1b-42e2-9c8d-1b0066b5ff86&skt=2022-10-12T19:53:09Z&ske=2022-10-13T03:53:09Z&sks=b&skv=2021-06-08&spr=https&sv=2021-06-08&sr=c&sig=token'

But that gives back:

<AuthenticationErrorDetail>Signature did not match. String to sign used was r
2022-10-12T19:53:09Z
2022-10-13T03:53:09Z
/blob/name/$root
c49c35ef-99c7-49c5-835b-92418a2ccdb6
b1404f36-3c1b-42e2-9c8d-1b0066b5ff86
2022-10-12T19:53:09Z
2022-10-13T03:53:09Z
b
2021-06-08




https
2021-06-08
c






</AuthenticationErrorDetail></Error>

How can I fix both of these cases?


Solution

When you set the access level as "Blob", you need to use the full URL of the blob (e.g. https://account.blob.core.windows.net/container-name/blob-name) to access the blob without any authorization information.

However the URL you are specifying for your GET request is https://name.blob.core.windows.net/name2. Since the Blob URL does not include the container name, Azure Storage tries to look for the blob in $root container. Given that you have set the permissions on a container named alldatastorage (based on your screenshot) and not on the $root container, you are getting 403 error.

To fix this, all you need to do is use the full URL of the blob. For example, if your blob name is myfile.txt, your URL would be https://name.blob.core.windows.net/alldatastorage/myfile.txt. You should not get this error in that case.



Answered By - Gaurav Mantri
Answer Checked By - Marie Seifert (WPSolving Admin)
at