"Signature did not match..." when upload blob to Azure Storage with Fine-uploader

618 views Asked by At

I've a ton of SO post about this error, but I checked everything and still don't find why Azure Blob Storage keep failing authenticate my upload request. I use Fine-Uploader to generate the request :

 var uploaderInstance = $('#baz-fine-uploader').fineUploaderAzure({
            template: 'qq-template-manual-trigger',
            debug: true,
            request: {
                containerUrl: 'https://{MYACCOUNT}.blob.core.windows.net/client1',
                endpoint: 'https://{MYACCOUNT}.blob.core.windows.net/client1'
            },  
            // for Azure
            signature: {
                endpoint: "/api/upload/sas"
            },

            uploadSuccess: {
                endpoint: "/api/upload/success"
            },

            cors: {
                //all requests are expected to be cross-domain requests
                expected:true
            }
        });

I generate the SAS URI with the Azure SDK, following what is recommended by Fine-uploader :

public string GetBlobSAS(string bloburi, string method)
    {
        try
        {

            var credentials = new StorageCredentials(STORAGE_ACCOUNT_NAME, STORAGE_ACCOUNT_KEY);                

            CloudBlockBlob blob = new CloudBlockBlob(new Uri(bloburi), credentials);
            var sas = blob.GetSharedAccessSignature(new SharedAccessBlobPolicy()
            {
                Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create,
                SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15)
            });


            return string.Format(CultureInfo.InvariantCulture, "{0}{1}", bloburi, sas);

        }
        catch (Exception ex)
        {
            Debug.WriteLine(ex);
            throw ex;
        }
    }

I created a CORS access policy through the Azure portal, and for test purpose, I set "everything" allowed, especially the "Allowed-Origin" field to "*", as I'm testing from my locahost : CORS for specified container

Finally, Fine-uploader ask me for the SAS, fetch it and BOUM, the server answers :

    OPTIONS https://{MYACCOUNT}.blob.core.windows.net/client1/5f89f3ae-2d10-4e4e-8f3f-25d…QAY40QjKGoJcDsHolt8KXjB86chaTWg0f4t4%3D&se=2016-12-20T14%3A34%3A58Z&sp=rcw 403 (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.)
XMLHttpRequest cannot load https://{MYACCOUNT}.blob.core.windows.net/client1/5f89f3ae-2d10-4e4e-8f3f-25d…QAY40QjKGoJcDsHolt8KXjB86chaTWg0f4t4%3D&se=2016-12-20T14%3A34%3A58Z&sp=rcw. Response for preflight has invalid HTTP status code 403

The server response is

    <Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:71041c4f-0001-00cf-69cc-5aa7de000000 Time:2016-12-20T14:21:35.7541369Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rcw 2016-12-20T14:34:58Z /blob/{MYACCOUNT}/client1/5f89f3ae-2d10-4e4e-8f3f-25d7b4760965.PNG 2015-12-11
</AuthenticationErrorDetail>
</Error>

Really don't know what else I can do now.. According to whatever SO post, I also tried to add a "&comp=list&restype=container" at the end of my SAS URI, tried several combinations with that, none of them worked...

Any ideas??

0

There are 0 answers