Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[BUG] Invalid SAS signature with latest nuget

See original GitHub issue

Library name and version

Azure.Storage.Blobs 12.13.1

Describe the bug

Using the latest Azure.Storage.Blobs nugets we keep getting invalid SAS signature errors when generating direct download links.

<package id="Azure.Storage.Blobs" version="12.13.1" targetFramework="net48" />
<package id="Azure.Storage.Common" version="12.12.0" targetFramework="net48" />

Testing on the Azure Storage Explorer and generating a SAS link there works. So doesn’t seem to be a configuration issue.

Copy/pasting the example from MSDN also fails… https://docs.microsoft.com/en-us/azure/storage/blobs/sas-service-create?tabs=dotnet#create-a-service-sas-for-a-blob

We then downgraded the nugets and it works again…

<package id="Azure.Storage.Blobs" version="12.10.0" targetFramework="net48" />
<package id="Azure.Storage.Common" version="12.10.0" targetFramework="net48" />

Unclear where to figure out when/if breaking changes were introduced to this specific nuget?!

I don’t have time to check all the versions in between when it started to break…

Googling I found people solving a similar issue by using account tokens instead of connection string. But we do want to keep the access using connection string.

Expected behavior

Valid SAS signature using connection string like with version 12.10

Actual behavior

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:fc477859-6201-4db0-87cc-776be825759d Time:2022-09-01T12:06:35.7634604Z</Message>
  <AuthenticationErrorDetail>Signature did not match. String to sign used was r 2022-09-01T12:01:35Z 2022-09-01T12:16:35Z /blob/devstoreaccount1/practice-0fff615e-c088-4ccf-86c5-3d3a9679dbc5/tarif590-745ec923-9398-4f85-bc1c-639ff4870e4a 2021-08-06 b attachment; filename="SomeDocument.pdf" </AuthenticationErrorDetail>
</Error>

Reproduction Steps

Using Visual Studio 2019 Version 16.11.18 & Azure Storage Emulator 5.10.0.0

  1. Upload file to blob
  2. Generate download link with SAS
  3. Link doesn’t work

Environment

Windows 10, Visual Studio 2019 Version 16.11.18, .net Framework 4.8

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:8 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
younitec-chcommented, Sep 2, 2022

Hi

I’ve got time to further narrow it down, it started to break in 12.11

const string StorageConnectionString = "StorageConnectionString";
string blobKey, containerName, fileName;

string connectionString = ConfigurationManager.ConnectionStrings[StorageConnectionString].ConnectionString;
var blobServiceClient = new BlobServiceClient(connectionString);
var blobContainerClient = blobServiceClient.GetBlobContainerClient(containerName);
var blobClient = blobContainerClient.GetBlobClient(blobKey);

// create SAS token that is 15 min valid
var sasBuilder = new BlobSasBuilder
{
    StartsOn = DateTime.UtcNow.AddMinutes(-5),
    ExpiresOn = DateTime.UtcNow.AddMinutes(10),
    BlobContainerName = blobClient.BlobContainerName,
    BlobName = blobClient.Name,
    ContentDisposition = $"attachment; filename=\"{fileName}\""
};

// set read permission
sasBuilder.SetPermissions(BlobSasPermissions.Read);

return blobClient.GenerateSasUri(sasBuilder).AbsoluteUri;

Let me know if you need further info

0reactions
younitec-chcommented, Sep 16, 2022

@gonzales91 Thanks for the tip, we moved to azurite and can’t reproduce it anymore. But we also had the issue in production on Azure which we now also can’t reproduce anymore…

Read more comments on GitHub >

github_iconTop Results From Across the Web

getting failed authentication error while upload blob using ...
The reason your code is failing is because you're trying to create an instance of BlobClient using a container SAS URL.
Read more >
Azure Storage Explorer troubleshooting guide
Select Shared access signature (SAS) > Next. Type the shared access signature URL you received and enter a unique display name for the ......
Read more >
Looking for a C# sample to upload/download file by given ...
I am looking for a sample to do the same by given an Azure Shared Access Signature (SAS). If anyone has a sample...
Read more >
Azure.Maps.Search 1.0.0-beta.4
To create a new Azure Maps account, you can use the Azure Portal, ... Shared access signature (SAS) tokens are authentication tokens created...
Read more >
Azurite
Azurite V3 supports SharedKey, Account Shared Access Signature (SAS), Service SAS, OAuth, and Public Container Access authentications, you can use any Azure ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[FEATURE REQ] Search: Allow participation/override of document serialization

Next page

[BUG] BlobContainerClient throws Azure.RequestFailedException 409 if container already exists but account disallows public access