0

I me and my team are developing a web app using NextJS, and recently we've been implementing Azure Blob Storage for file upload and display. I am currently working on Image display for the frontend. for doing so, I am generating a SAS token with generateBlobSASQueryParameters function with a sasOptions object that contains the following parameters:

  • container name
  • blob name
  • startsOn (date object)
  • expiresOn (date object)
  • permissions: BlobSASPermissions.parse("racwdt")

after that, im generating a SAS URI, using the specified blob name and the newly generated SAS token. however, when im trying to access the sas URI, im met with an error:

Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:SOME_REQUEST_ID Time:2022-10-03T13:49:24.2788454Z Signature fields not well formed. The signature:

https://mystorageaccount.blob.core.windows.net/images/example.png?sv=2021-06-08&ss=bfqt&srt=sco&sp=rwdlacupiytfx&se=2022-11-22T20:45:23Z&st=2022-10-03T11:45:23Z&spr=https&sig=ECjnJEvZCOPhvuOgCsGBMIwone7VmsiJQopVNyb4yB0%3D?sv=2021-06-08&st=2022-10-06T06%3A24%3A12Z&se=2022-10-06T06%3A34%3A12Z&sr=b&sp=racwdt&sig=ioMMCIFo0eXC%2BTZ9yDZB9D5JHz%2F%2BUyMMFqTPEG0QSqg%3D

Following are the parameters for a URL that is failing to authenticate:

sv=2021-06-08
ss=bfqt
srt=sco
sp=rwdlacupiytfx
se=2022-11-22T20:45:23Z
st=2022-10-03T11:45:23Z
spr=https
sig=ECjnJEvZCOPhvuOgCsGBMIwone7VmsiJQop

Is there anything I can do or look after when generating a SAS URI to make it work?

Note: When manually generating a SAS URL by clicking on the "Generate SAS token and URL" button on the blob, I can access the image by copying it to the url field in my browser

Improve this question
2
  • Please edit your question and include the SAS token which is giving you the problem. Commented Oct 6, 2022 at 6:16
  • Looking at the SAS URL, it seems you are duplicating the SAS token (look at ?sv= in the SAS URL). Please check that. Commented Oct 6, 2022 at 6:36

1 Answer 1

Reset to default
1

As @Gaurav_Mantri suggested, the SAS token appeared TWICE in the SAS URL I got.

The code that made that faulty URL:

 const sasToken = generateBlobSASQueryParameters(
      sasOptions,
      sharedKeyCredential
    ).toString();

    const blobSasUri = `${
    containerClient.getBlockBlobClient(blobName).url
    }?${sasToken}`;

It appears to me That i've generated a SAS token for a specific blob, then by getting its url using

containerClient.getBlockBlobClient(blobName).url

I've already got the FULL blob URL (with the SAS token already in it). Afterwards, i've concatinated the generated SAS URL again, therefore got a faulty URL.

Fix:

const sasToken = generateBlobSASQueryParameters(
  sasOptions,
  sharedKeyCredential
).toString(); // For generating the SAS token

const blobURL = containerClient.getBlockBlobClient(blobName).url;
// Afterwards, getting the full blob URL (with the new SAS token already concatinated to it)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.