Azure Blob Storage "Authorization Permission Mismatch" error for get request with AD token

I am building an Angular 6 application that will be able to perform CRUD operations on Azure Blob Storage. However, I'm using Postman to test requests before implementing them inside the app, copy-pasting the token that I get from Angular for that resource.

When trying to read a file that I have inside the storage for test purposes, I'm getting: <Code>AuthorizationPermissionMismatch</Code> <Message>This request is not authorized to perform this operation using this permission.

  • All in production environment (although developing)
  • Token acquired specifically for storage resource via OAuth
  • Postman has the token strategy as "bearer "
  • Application has "Azure Storage" delegated permissions granted.
  • Both the app and the account I'm acquiring the token for are added as "owners" in Azure access control IAM
  • My IP is added to CORS settings on the blob storage.
  • StorageV2 (general purpose v2) - Standard - Hot
  • x-ms-version header used is: 2018-03-28 because that's the latest I could find and I just created the storage account.
SebastianG asked Oct 11 '18 22:10

1 Answer

I found it's not enough for the app and account to be added as owners. I would go into your storage account > IAM > Add role assignment, and add the special permissions for this type of request:

  • Storage Blob Data Contributor
  • Storage Queue Data Contributor
jager1000 answered Sep 21 '22 01:09
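
The distinction this answer relies on, as an added example that is not part of the original post: Azure role definitions keep management operations (`actions`) separate from data operations (`dataActions`), and a request authorized with an Azure AD token is checked against `dataActions`. The role definitions below are abridged and constructed for illustration, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Data action Azure Storage checks for a Get Blob request made with an Azure AD token.
BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
BLOBS = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/"
QUEUE_MSGS = "Microsoft.Storage/storageAccounts/queueServices/queues/messages/"

# Abridged, flattened built-in role definitions, constructed for this example.
# Owner has wildcard management actions but an empty dataActions list.
ROLES = {
    "Owner": {"actions": ["*"], "dataActions": [], "notDataActions": []},
    "Storage Blob Data Contributor": {
        "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
        "dataActions": [BLOBS + "read", BLOBS + "write", BLOBS + "delete"],
        "notDataActions": [],
    },
    "Storage Queue Data Contributor": {
        "actions": [],
        "dataActions": [QUEUE_MSGS + "read", QUEUE_MSGS + "write", QUEUE_MSGS + "delete"],
        "notDataActions": [],
    },
}


def _matches(patterns, operation):
    """Case-insensitive match of an operation against patterns that may contain '*'."""
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)


def roles_granting(assigned_roles, data_action):
    """Return the assigned roles whose dataActions (minus notDataActions) cover data_action."""
    return [
        name for name in assigned_roles
        if _matches(ROLES[name]["dataActions"], data_action)
        and not _matches(ROLES[name]["notDataActions"], data_action)
    ]


def diagnose(assigned_roles, data_action=BLOB_READ):
    """Explain the expected outcome of a token-authorized request for this principal."""
    granting = roles_granting(assigned_roles, data_action)
    if granting:
        return "allowed by: " + ", ".join(granting)
    return "AuthorizationPermissionMismatch: no assigned role has a matching dataAction"


if __name__ == "__main__":
    print(diagnose(["Owner"]))
    print(diagnose(["Owner", "Storage Blob Data Contributor"]))
```

For least privilege, assign only the data role the application needs, scoped to the storage account or container rather than the subscription.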