Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Azure Blob Storage: BlobClient name causing issues when generating SAS token

See original GitHub issue

Trying to generate SAS tokens for blobs that are stored in Azure Blob Storage, using the Azure.Storage.Blobs.BlobClient and Azure.Storage.Sas.BlobSasBuilder. Provided the BlobClient’s Name property to BlobSasBuilder’s BlobName property. This only works as long as there is no character that will be URL-encoded in the blob name, e.g. a blankspace.

I would expect the BlobClient.Name to return the blob name without any encoding.

Using BlobClient.Name for the SAS-token will generate a URI that is invalid if used.

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>
    Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:7b5be14d-d01e-0052-3bbc-401398000000 Time:2020-06-12T13:24:49.0110739Z
  </Message>
  <AuthenticationErrorDetail>
    Signature did not match. String to sign used was r 2020-06-12T13:23:26Z 2020-06-12T14:23:26Z /blob/xxx/files/a0958aeb-3de7-430f-a94b-88314be31f26/test (2).txt https 2019-07-07 b
  </AuthenticationErrorDetail>
</Error>

To Reproduce: I realize that the BlobClient isn’t necessary in below example. It would be more valid if the method were to say, upload a blob and return the SAS URI.

// Called with:
// id = "a0958aeb-3de7-430f-a94b-88314be31f26"
// fileName = "test (2).txt"
public string GetBlobUri(Guid id, string fileName)
{
  var blobName = $"files/{id}/{fileName}";
  var blobClient = _containerClient.GetBlobClient(blobName);

  var sas = new BlobSasBuilder
  {
    BlobContainerName = _containerClient.Name,
    BlobName = blobClient.Name, // will be "files/a0958aeb-3de7-430f-a94b-88314be31f26/test%20(2).txt" instead of "files/a0958aeb-3de7-430f-a94b-88314be31f26/test (2).txt"
    Resource = "b",
    StartsOn = DateTimeOffset.UtcNow,
    ExpiresOn = DateTimeOffset.UtcNow.AddHours(1),
    Protocol = SasProtocol.Https,
  };
  sas.SetPermissions(BlobSasPermissions.Read);

  var sasUri = new UriBuilder(blobClient.Uri)
  {
    Query = sas.ToSasQueryParameters(_sharedKeyCredential).ToString()
  };

  return sasUri.ToString();
}

Package:

Azure.Storage.Blobs 12.4.1

Issue Analytics

State:
Created 3 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

amnguyecommented, Jun 18, 2020

Related to #12837

So scratch what I said before.

Looks like since the behavior on encoding the name isn’t consistent between using GetBlobClient and making a new BlobClient. So since it’s clearly a regression and bug, it’s not a breaking change and we can change it back to not an encoded Name.

We will look to get this fixed soon.

0reactions

Smurfacommented, Jun 30, 2020

Awesome, thank you for the update.