Menu
My test site has after a deploy started to get 403 forbidden back when trying to access files from the azure blob storage. This is only a problem on our test environment, the new release works just fine in production. Both production and test is hosted in azure, and both use their own azure blob storage.
I have tried regenerating the access keys for the blob storage, without any luck.
I can use the access keys locally and connect to the test blob storage and access the files just fine.
If i try to change the test environment to use the production blob storage, i still get the 403 forbidden error.
Microsoft.WindowsAzure.Storage.StorageException: The remote server returned an error: (403) Forbidden. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden. at System.Net.HttpWebRequest.GetResponse() at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand
1 cmd, IRetryPolicy policy, OperationContext operationContext) in c:\Program Files (x86)\Jenkins\workspace\release_dotnet_master\Lib\ClassLibraryCommon\Core\Executor\Executor.cs:line 677 --- End of inner exception stack trace --- at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand1 cmd, IRetryPolicy policy, OperationContext operationContext) in c:\Program Files (x86)\Jenkins\workspace\release_dotnet_master\Lib\ClassLibraryCommon\Core\Executor\Executor.cs:line 604 at Microsoft.WindowsAzure.Storage.Blob.CloudBlobClient.GetBlobReferenceFromServer(StorageUri blobUri, AccessCondition accessCondition, BlobRequestOptions options, OperationContext operationContext) in c:\Program Files (x86)\Jenkins\workspace\release_dotnet_master\Lib\ClassLibraryCommon\Blob\CloudBlobClient.cs:line 563 at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.GetBlobReferenceFromServer(String blobName, AccessCondition accessCondition, BlobRequestOptions options, OperationContext operationContext) in c:\Program Files (x86)\Jenkins\workspace\release_dotnet_master\Lib\ClassLibraryCommon\Blob\CloudBlobContainer.cs:line 818 at ASP.XYZ in d:\XYZ.cshtml:line 27 Request Information RequestID:fc137321-0001-00ce-02d2-de5736000000 RequestDate:Tue, 06 Jun 2017 14:41:21 GMT StatusMessage:Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
It must be an issue on the azure app service that runs the test site. I just cannot see what it could be.
See gist here for some very simplified code https://gist.github.com/Skaanning/5cddf95a0d1ff210482d99a683e0be9c .
Edit I have multiple other blob stores, but none of them work on the test site. They work fine on other environments though.
I tried scaling it up and down, without any luck. But then i tried changing from 32 bit to 64 bit and now it works! I will keep the question open, in case someone can explain what on earth happened here
740
If you're using an Azure AD app registration to authenticate a client app, the second possible solution is to verify that the app registration has permissions configured for the Azure Digital Twins service. If these aren't configured, set them up.
Navigate to your storage account in the Azure portal. Under Security + networking, select Access keys. To regenerate the primary access key for your storage account, select the Regenerate button next to the primary access key. Update the connection strings in your code to reference the new primary access key.
To access blob data in the Azure portal with Azure AD credentials, a user must have the following role assignments: A data access role, such as Storage Blob Data Contributor or Storage Blob Data Reader. The Azure Resource Manager Reader role.
After you have installed the Azure Storage Explorer, connect to your Azure Storage account. After opening, press Cancel and Close (if applicable) (if this is your first time and you directly want to attach to a give SAS storage account.
My test site has after a deploy started to get 403 forbidden back when trying to access files from the azure blob storage. The 403 forbidden exception often caused by a wrong access key is used. Please print out the connection string which was used in your test environment.
The 403 forbidden exception often caused by a wrong access key is used. Please print out the connection string which was used in your test environment. A Azure Storage connection string uses following format.
Both production and test is hosted in azure, and both use their own azure blob storage. I have tried regenerating the access keys for the blob storage, without any luck. I can use the access keys locally and connect to the test blob storage and access the files just fine.
On portal, go to Resource Explorer under Platform features. Search outboundIpAddresses and add those (usually four) IPs into Storage Account White List. If you have added Function IPs but still get 403 error, check location of Storage and Function app.
Review your server datetime. That worked for me.
184
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
