I wanted to create Azure blob container using python code using shared key Authorization,
I am getting below error:
b'xefxbbxbf<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.nRequestId:9e524b5e-301e-0051-4aa4-45750000nTime:2023-02-21T03:27:02.8384023Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'xxxxxxxxxxxxxxxx' is not the same as any computed signature. Server used following string to sign: 'PUTnnnnnnnnnnnnx-ms-date:Tue, 21 Feb 2023 03:27:01 GMTnx-ms-version:2020-04-08n/blobmediapedevwus2/mycontainernrestype:container'.</AuthenticationErrorDetail></Error>'
How to fix this?
Below is the python code:
import requests
import datetime
import hmac
import hashlib
import base64
# Set the storage account name and access key
STORAGE_ACCOUNT_NAME = 'vidyaflowerapp01'
STORAGE_ACCOUNT_KEY = "xxxxxxxxxx"
# Set the container name
CONTAINER_NAME = 'test'
# Set the request method and version
REQUEST_METHOD = 'PUT'
REQUEST_VERSION = '2020-04-08'
# Set the request date
REQUEST_DATE = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
CANONICALIZED_HEADERS = f'x-ms-date:{REQUEST_DATE}nx-ms-version:{REQUEST_VERSION}n'
# Set the canonicalized resource string
CANONICALIZED_RESOURCE = f'/{STORAGE_ACCOUNT_NAME}/{CONTAINER_NAME}nrestype:container'
VERB = 'PUT'
Content_Encoding = ''
Content_Language = ''
Content_Length = ''
Content_MD5 = ''
Content_Type = ''
Date = ''
If_Modified_Since = ''
If_Match = ''
If_None_Match = ''
If_Unmodified_Since = ''
Range = ''
CanonicalizedHeaders = CANONICALIZED_HEADERS
CanonicalizedResource = CANONICALIZED_RESOURCE
STRING_TO_SIGN = (VERB + 'n' + Content_Encoding + 'n' + Content_Language + 'n' +
Content_Length + 'n' + Content_MD5 + 'n' + Content_Type +
Date + 'n' + If_Modified_Since + 'n' + If_Match + 'n' +
If_None_Match + 'n' + If_Unmodified_Since + 'n' + Range + 'n' +
CanonicalizedHeaders + CanonicalizedResource)
signature = base64.b64encode(hmac.new(base64.b64decode(STORAGE_ACCOUNT_KEY), msg=STRING_TO_SIGN.encode('utf-8'), digestmod=hashlib.sha256).digest()).decode()
# Generate the authorization header
auth_header = f'SharedKey {STORAGE_ACCOUNT_NAME}:{signature}'
# Set the request URL
request_url = f'https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net/{CONTAINER_NAME}?restype=container'
# Set the request headers
request_headers = {
'x-ms-date': REQUEST_DATE,
'x-ms-version': REQUEST_VERSION,
'Authorization': auth_header
}
# Send the request
response = requests.put(request_url, headers=request_headers)
print(response.content)
print(response.status_code)
above code uses shared key Authorization to make request, we have to replace access-key and storage account in order test
Current response: 403
Expected response: 201
2
Answers
I believe the reason you are getting this error is because you are setting
Content-Lengthvalue to0inSTRING_TO_SIGNhowever the server is using an empty string when validating the signature (please look at the error details which tells you the string to sign used by server to verify the signature).From this
link:Please try by setting
Content_Lengthvariable to an empty string instead of0.Adding to what @Gaurav Mantri said, You are receiving this as because the authorization headers are not correctly formed. After reproducing from my end, this was working fine when I replace both
DateandContent Lengthwith empty string while building the signature. Below is the complete code that worked for me.Results: