I'm trying to use the Azure File Service REST API to create a file from PowerShell, using a Shared Access Signature, and I can't figure out how to set the required Authorization header when the authorization scheme is Shared Access Signature.
I'm only using PowerShell to try and figure out the REST API syntax, then I need to port the REST calls to JavaScript so they can be called client side.
Here's what I've discovered so far:
1.The MSDN documentation for Create File states that the header is required, but the sample request only illustrates SharedKey authorization header.
https://learn.microsoft.com/en-us/rest/api/storageservices/create-file#request
2.The Shared Access Signature examples work fine for generating a SAS, but they don't document request headers at all in the example following calls that use the SAS:
https://learn.microsoft.com/en-us/rest/api/storageservices/service-sas-examples#file-examples
3.There's a nice Xamarin answer here, but the answer only explicitly sets the x-ms-type and x-ms-content-length headers, the rest seem to part of a call to client.DefaultRequestHeaders.
Azure File Share REST API for Xamarin
My code at the moment looks as follows:
$ctx = New-AzStorageContext -StorageAccountName "mystorage" -StorageAccountKey "REDACTED"
$start = Get-Date
$end = $start.AddHours(2.0)
$uri = New-AzStorageFileSASToken -ShareName "web" -Path "documents/newfile.txt" -Permission "w" -StartTime $start -EndTime $end -Context $ctx -FullUri
$headers = @{'x-ms-version' = '2019-12-12'; 'x-ms-type' = 'file'; 'x-ms-content-length' = '55'; 'x-ms-date' = 'Thu, 22 Oct 2020 19:28:55 BST'}
invoke-restmethod -Uri $uri -Method Put -InFile $file -Headers $headers
The result of the final call is:
invoke-restmethod : InvalidHeaderValueThe value for one of the HTTP headers is not in the correct format.
My question is, does anyone have a valid example of the complete HTTP request including headers when calling the Azure File Service REST API?
You can generate a complete HTTP request directly from the Azure portal:
Go to Azure portal>Storage accounts>your accounts>Shared access signature, find Allowed services and select File, then click generate SAS and connection string to generate File service SAS URL,it is actually composed of Connection string+SAS token.
Use of Shared access signature does not require authorization header because it is already included in the request information.