Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

The MAC signature found in the HTTP request '...' is not the same as any computed signature

I'm sending the following request in Postman to retrieve a simple .jpg from Azure Blob storage at this URL https://steamo.blob.core.windows.net/testcontainer/dog.jpg

GET /testcontainer/dog.jpg HTTP/1.1
Host: steamo.blob.core.windows.net
Authorization: SharedKey steamo:<my access key>
x-ms-date: Tue, 26 May 2015 17:35:00 GMT
x-ms-version: 2014-02-14
Cache-Control: no-cache
Postman-Token: b1134f8a-1a03-152c-2810-9cb351efb9ce

If you're unfamiliar with Postman it is just a REST client - the Postman-Token header can probably be ignored.

My access key is copied from my Azure Management Portal.

I get this error:

Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:2482503d-0001-0033-60da-9708ed000000 Time:2015-05-26T17:35:41.4577821Z

With this AutheticationErrorDetail:

The MAC signature found in the HTTP request '<my access key>' is not the same as any computed signature. Server used following string to sign: 'GET x-ms-date:Tue, 26 May 2015 17:35:00 GMT x-ms-version:2014-02-14 /steamo/testcontainer/dog.jpg'.

How do I fix this? Let me know if you need any more info from me.

like image 794
starlord7 Avatar asked May 26 '15 17:05

starlord7


1 Answers

Authentication for Azure Storage is not simply a matter of providing the access key (that is not very secure). You need to create a signature string that represents the given request, sign the string with the HMAC-SHA256 algorithm (using your storage key to sign), and encode the result in base 64. See https://msdn.microsoft.com/en-us/library/azure/dd179428.aspx for full details, including how to construct the signature string.

like image 113
Adam Sorrin - MSFT Avatar answered Sep 19 '22 13:09

Adam Sorrin - MSFT