Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Storage] ErrorCode: AuthorizationPermissionMismatch when access azure queue with aad auth

See original GitHub issue

Hello, we are trying to use aad auth of a service principal to connect an azure queue.

I am following the sample code using QueueServiceClient.

            // Create a client that can authenticate using our token credential
            QueueServiceClient service = new QueueServiceClient(new Uri("https://speaker0reco0westus0dev2.queue.core.windows.net"), credential);

            // Make a service request to verify we've successfully authenticated
            var response = service.GetProperties();

            var queueClient = service.CreateQueue("testqueue2").Value;
            queueClient.SendMessage("abc");

service.GetProperties() returns 200 and CreateQueue() call succeeded, I can see the queue was created in the storage account. but the SendMessage() call failed with 403. “'This request is not authorized to perform this operation using this permission.”

I have added the Azure Storage API permission in the service principal and also added the service principal as an owner in the storage account owner list.

Could anyone let me know what I am missing here?

Thanks

Hua

Issue Analytics

State:
Created 3 years ago
Comments:7 (3 by maintainers)

Top GitHub Comments

2reactions

rgrace-puckcommented, May 25, 2023

For posterity, the 403 error was happening because I’m trying to access tags on the blobs. This operation requires the “Storage Blob Data Owner” role for some reason. After assigning the role, everything works fine.

https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-index-how-to?tabs=azure-portal#get-set-and-update-blob-index-tags

0reactions

amnguyecommented, May 23, 2023

Issue not caused by the storage SDK. Also the OP did not respond to my first response. Closing issue.

Top Results From Across the Web

Azure Blob Storage "Authorization Permission Mismatch ...

To solve this problem, I went to Azure > Storage account > Access Control (IAM) and added the Storage Blob Data Contributor role...

Resolving an AuthorizationPermissionMismatch from the ...

Choose Storage Blob Data Contributor from the Role dropdown. Leave the Assign access to dropdown set to Azure AD user, group or service...

Code: AuthorizationPermissionMismatch - Microsoft Q&A

we are transferring data fron azure blob storage to gcp vm through a tunnel using azcopy for this purpose, but encountering this error, ......

Fixed – authorizationpermissionmismatch Azure Blob ...

We got the below error while trying to transfer files to Azure Blob Storage using AzCopy INFO: Authentication failed, it is either not ......

Could not access queue; This request is not authorized to ...

Navigate to the Storage Account -> Access control (IAM) -> Role assignments: User-added image; Click Add button on the top, and then select...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

[Storage] ErrorCode: AuthorizationPermissionMismatch when access azure queue with aad auth

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

[BUG] Azure Servicebus 4.1.1 Compile time warnings due to conflicting System.IdentityModel.Tokens.Jwt

[QUERY] Retrieving a status of a current deployment, from a Web API