Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Adding a metadata value with space at start causes Blob upload to fail with authentication error - MAC signature found in the HTTP request is not the same as any computed signature

See original GitHub issue

When uploading a blob using a metadata value that has spaces at start (such as using code below):

// blobName is any valid blobname such as "sample.txt" and fileStream is some stream with some valid blob content (say text)
BlobClient blobClient = container.GetBlobClient(blobName);
var headers = new BlobHttpHeaders
                {
                    ContentType = "application/octet-stream"            
                };

var blobUploadOptions = new BlobUploadOptions
            {
                HttpHeaders = headers,
                Metadata = new Dictionary<string, string>({"keyname", "  value with space at start"});
            };

            await blobClient.UploadAsync(fileStream, blobUploadOptions);

the upload fails with error:

Status: 403 (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.)
		ErrorCode: AuthenticationFailed
		
		Additional Information:
AuthenticationErrorDetail: The MAC signature found in the HTTP request 'Q0NXCFOX0S/0KbIYEmwBdma1cf+42H420hxijpw43kg=' is not the same as any computed signature.

Using Azure.Storage.Blobs 12.8.3

We encountered this error because we were storing a user assigned file name in the blob metadata (the blob-name itself did not use the user assigned file name) and Mac users sometimes have spaces in the file name at the beginning.

Issue Analytics

State:
Created a year ago
Comments:6 (1 by maintainers)

Top GitHub Comments

1reaction

compgumbycommented, Jun 24, 2022

This bit me too setting the metadata through Azure.Storage.Blobs. Took FOREVER to figure out why… ended up being a trailing space in the value of one of my key/value properties. Hard to spot when you don’t know to look for it.

1reaction

ak37165commented, Apr 15, 2022

Thank you for the suggestion. However, it’s worth noting that the Azure JavaScript SDK does not have this issue. We can set metadata values with spaces when uploading directly from the browser (using SAS tokens issued by the server).

For some of our scenarios the browser must upload to our server and then the server uploads to the Azure blob storage (using the .net SDK). Here the spaces cause an issue (maybe because the MAC computed by the sdk does not include the spaces while the server computed MAC does).

Top Results From Across the Web

The MAC signature found in the HTTP request 'XXXX' is not ...

This issue happens when the authorization signature is incorrect. ... found in the HTTP request 'XXXX' is not the same as computed signature....

The MAC signature found in the HTTP request '...' is not ...

With this AutheticationErrorDetail: The MAC signature found in the HTTP request '<my access key>' is not the same as any computed signature.

Troubleshooting | Cloud Storage

Issue: Requests to a public bucket directly, or via Cloud CDN, are failing with a HTTP 401: Unauthorized and an Authentication Required response....

Signing and authenticating REST requests

This topic explains authenticating requests using Signature Version 2. Amazon S3 now supports the latest Signature Version 4. This latest signature version ...

Question: HTTPS Azure Blob Storage Connection

<Error><Code>AuthenticationFailed</Code><Message>Server failed to ... the HTTP request 'xxxxxxx' is not the same as any computed signature.