1

I am launching azurite from the command line as outlined in the docs and that is working fine. https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azurite?tabs=visual-studio%2Cblob-storage#running-azurite-from-the-command-line

I am trying to preform GET and PUT blob storage operation from postman but I am unable to figure out how to authorize my requests.

I DO NOT want to use SAS. How do I populate the "Authorization" header with a valid value?

https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key#specifying-the-authorization-header

Authorization="[SharedKey|SharedKeyLite] <AccountName>:<Signature>"  

where SharedKey or SharedKeyLite is the name of the authorization scheme, AccountName is the name of the account requesting the resource, and Signature is a Hash-based Message Authentication Code (HMAC) constructed from the request and computed by using the SHA256 algorithm, and then encoded by using Base64 encoding.

for azurite the storage account and key is well documents but how to I use it to create this header

Improve this question
12
  • Please read the documentation here - learn.microsoft.com/en-us/rest/api/storageservices/…. Commented Oct 24, 2024 at 19:41
  • yes I had seen this: Authorization="[SharedKey|SharedKeyLite] <AccountName>:<Signature>" where SharedKey or SharedKeyLite is the name of the authorization scheme, AccountName is the name of the account requesting the resource, and Signature is a Hash-based Message Authentication Code (HMAC) constructed from the request and computed by using the SHA256 algorithm, and then encoded by using Base64 encoding. for azurite the storage account and key is well documents but how to I use it to create this header Commented Oct 24, 2024 at 20:10
  • Please read the entire documentation. It has all the necessary steps about how you can create the authorization header. Commented Oct 24, 2024 at 20:12
  • 1
    @entropy283 Check the below answer Commented Oct 25, 2024 at 5:37
  • @Venkatesan thank you very much for the answer seeing it like this is very helpful. small question, the key that you used, is it the same as the account key listed here? learn.microsoft.com/en-us/azure/storage/common/… Commented Oct 25, 2024 at 14:45

1 Answer 1

Reset to default
1

How to authenticate REST API blob storage operations to use azurite

I followed this MS-Document,

I started my azurite with below command:

PS C:\Users\azurite> azurite start
Azurite Blob service is starting at http://127.0.0.1:10000
Azurite Blob service is successfully listening at http://127.0.0.1:10000
Azurite Queue service is starting at http://127.0.0.1:10001
Azurite Queue service is successfully listening at http://127.0.0.1:10001
Azurite Table service is starting at http://127.0.0.1:10002
Azurite Table service is successfully listening at http://127.0.0.1:10002

enter image description here

Now, you can use the below code to create sharedkey with date and api version using Python code.

Code:

import hmac
import hashlib
import base64
from datetime import datetime

def main():
    authorization, date, api_version = blobs()

    print(f"Authorization: {authorization}")
    print(f"Date: {date}")
    print(f"API Version: {api_version}")
    input("Press any key to exit...")


def blobs():
    account = "devstoreaccount1"
    key = "xxxx"  # Replace with your access key
    container = "xxx" # Replace with your container name
    blob = "xxx" # Replace with your blob name
    api_version = "2021-06-08"

    dt = datetime.utcnow()
    date_str = dt.strftime('%a, %d %b %Y %H:%M:%S GMT')

    string_to_sign = (f"GET\n"  # HTTP method
                     f"\n"  # Content-Encoding
                     f"\n"  # Content-Language
                     f"\n"  # Content-Length
                     f"\n"  # Content-MD5
                     f"\n"  # Content-Type
                     f"\n"  # Date
                     f"\n"  # If-Modified-Since
                     f"\n"  # If-Match
                     f"\n"  # If-None-Match
                     f"\n"  # If-Unmodified-Since
                     f"\n"  # Range
                     f"x-ms-date:{date_str}\n"
                     f"x-ms-version:{api_version}\n"
                     f"/{account}/{account}/{container}/{blob}")

    signature = sign_this(string_to_sign, key)

    # Updated Authorization format
    authorization = f"SharedKey {account}:{signature}"

    return authorization, date_str, api_version


def sign_this(string_to_sign, key):
    decoded_key = base64.b64decode(key)
    string_to_sign = string_to_sign.encode('utf-8')

    hmac_sha256 = hmac.new(decoded_key, string_to_sign, hashlib.sha256)
    signature = base64.b64encode(hmac_sha256.digest()).decode('utf-8')

    return signature


if __name__ == "__main__":
    main()

Output:

Authorization: SharedKey devstoreaccount1:vJp+QagiA/xxxxxxx/Dq49IDmoW76E=
Date: Fri, 25 Oct 2024 05:00:32 GMT
API Version: 2021-06-08

enter image description here

Now, for testing I'm using GET request to get the blob content.

Request:

http://127.0.0.1:10000/devstoreaccount1/<container name>/<blob name>
Headers: 
x-ms-version : 2021-06-08
x-ms-date: Fri, 25 Oct 2024 05:00:32 GMT
Authorization:SharedKey devstoreaccount1:vJp+QagiA/xxxxxxx/Dq49IDmoW76E=

Output: enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.