
I'm wondering if it is possible to use a SAS token for the authorization header in a REST API call to Azure Tables using PowerShell. I've created a test Account SAS and tried passing the actual token value starting with the "sr=" tag and also the full URI; however, I'm getting the following error:

```
Invoke-RestMethod : AuthenticationFailed Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
```

```powershell
$resource = "$tableName(PartitionKey='$domain',RowKey='$apiKey')"
$tableUrl = "https://$storageAccount.table.core.windows.net/$resource"

$sasReadToken = "SharedAccessSignature ?sv=2017-07-29&ss=t&srt=o&sp=r&se=2019-03-07T02:37:08Z&st=2018-03-06T18:37:08Z&spr=https&sig=<removed>"

$GMTTime = (Get-Date).ToUniversalTime().toString('R')

$header = @{
    Authorization = $sasReadToken;
    'x-ms-date'   = $GMTTime;
    Accept        = "application/json;odata=fullmetadata";
}

$result = Invoke-RestMethod -Uri $tableUrl -Headers $header -Method Get -Verbose
```

While I realize there is an AzureRm module to handle some of this, I don't want to install unnecessary libraries on the host PC. Is this even possible?

NOTE: The signature has been removed in my example.

2 Answers

0

SAS Tokens are not valid in the Authorization header. They are only valid as a collection of query string parameters.

See https://learn.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1 for more info about Azure Storage SAS tokens.


0

I was able to use my SAS as part of the URI to authenticate to the storage using the following code. Notice the SAS token is part of the $tableUri variable and not part of the header. I also had to add the Accept = 'application/json;odata=nometadata' parameter in the header otherwise I received a (415) error (Unsupported Media Type). Lastly, I had to add the -UseBasicParsing in PowerShell to read the data coming back.

```powershell
function Get-MyAdvisorToken {
    [cmdletbinding()]
    param (
        [parameter()]$MyAdvisorApiKey,
        [parameter()]$DomainName
    )

    # Retrieves the SAS token from an Azure Table when supplied the API key and domain.
    # $storageAccount and $tableName are not parameters; they must be set in the calling scope.
    $partitionKey = $DomainName      # partitionKey
    $rowKey = $MyAdvisorApiKey       # rowKey
    $sasReadToken = "?sv=2017-07-29&ss=t&srt=o&sp=r&se=2018-03-06T19:37:08Z&st=2018-03-06T18:37:08Z&spr=https&sig=<removed>"
    # The SAS is appended to the URI as the query string, not sent in a header.
    $tableUri = "https://$storageAccount.table.core.windows.net/$tableName(PartitionKey='$partitionKey',RowKey='$rowKey')$sasReadToken"

    $GMTTime = (Get-Date).ToUniversalTime().toString('R')
    $header = @{
        'x-ms-date' = $GMTTime;
        Accept      = 'application/json;odata=nometadata'
    }

    $result = Invoke-WebRequest -Uri $tableUri -Headers $header -UseBasicParsing
    $jsonResult = $result.Content | ConvertFrom-Json
    return $jsonResult
}
```
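The query-string approach from the answers above, as an added example (not code from either answer or from Microsoft): it checks the token's `sig`, `spr`, `sp`, `st` and `se` fields locally before sending and redacts `sig` before the URI is logged, since the URI now carries the credential. The function names and the sample account, table and key values are hypothetical and constructed for illustration.

```powershell
# Added example. Function names are hypothetical; sample values are constructed.
function ConvertTo-SasMap([string]$SasToken) {
    $map = @{}
    foreach ($pair in ($SasToken.TrimStart('?') -split '&')) {
        $name, $value = $pair -split '=', 2
        $map[$name] = [uri]::UnescapeDataString($value)
    }
    $map
}

function Test-SasToken([string]$SasToken, [datetime]$NowUtc = [datetime]::UtcNow) {
    # Emits one string per problem; no output means the token looks usable for a read.
    $sas = ConvertTo-SasMap $SasToken
    $inv = [cultureinfo]::InvariantCulture
    if (-not $sas['sig'])         { 'sig is missing' }
    if ($sas['spr'] -ne 'https')  { 'spr does not restrict the token to HTTPS' }
    if ($sas['sp'] -notmatch 'r') { 'sp does not grant read' }
    if ($sas['st'] -and [datetimeoffset]::Parse($sas['st'], $inv).UtcDateTime -gt $NowUtc) { 'st is in the future' }
    if (-not $sas['se'] -or [datetimeoffset]::Parse($sas['se'], $inv).UtcDateTime -le $NowUtc) { 'se is missing or expired' }
}

function New-TableEntityUri([string]$StorageAccount, [string]$TableName,
                            [string]$PartitionKey, [string]$RowKey, [string]$SasToken) {
    # OData string keys: double any single quote, then percent-encode the value.
    $pk = [uri]::EscapeDataString($PartitionKey.Replace("'", "''"))
    $rk = [uri]::EscapeDataString($RowKey.Replace("'", "''"))
    "https://$StorageAccount.table.core.windows.net/$TableName(PartitionKey='$pk',RowKey='$rk')?" +
        $SasToken.TrimStart('?')
}

function Hide-SasSignature([string]$Uri) {
    # For logs and error messages: the SAS in the query string is a bearer credential.
    $Uri -replace '(?<=[?&]sig=)[^&]+', 'REDACTED'
}

function Get-TableEntity([string]$StorageAccount, [string]$TableName,
                         [string]$PartitionKey, [string]$RowKey, [string]$SasToken) {
    $problems = @(Test-SasToken $SasToken)
    if ($problems) { throw "SAS rejected before sending: $($problems -join '; ')" }
    $uri = New-TableEntityUri $StorageAccount $TableName $PartitionKey $RowKey $SasToken
    Write-Verbose "GET $(Hide-SasSignature $uri)"
    # No Authorization header: the SAS travels only in the query string.
    $headers = @{ Accept = 'application/json;odata=nometadata' }
    (Invoke-WebRequest -Uri $uri -Headers $headers -UseBasicParsing).Content | ConvertFrom-Json
}

# Offline demo with a constructed token (the signature is a placeholder, not a real one).
$sample = '?sv=2017-07-29&ss=t&srt=o&sp=r&se=2019-03-07T02:37:08Z&st=2018-03-06T18:37:08Z&spr=https&sig=PLACEHOLDER%3D'
Test-SasToken $sample -NowUtc ([datetime]'2018-06-01')
Hide-SasSignature (New-TableEntityUri 'acct' 'Keys' 'contoso.com' "o'brien" $sample)
```

In a real script the token would be read from a secret store or an environment variable and passed to `Get-TableEntity`, rather than written as a literal.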
