Jump to content
Sign in to follow this  
pcplayer99

Azure Blob Key Error

Recommended Posts

Hello,

 

Delphi 10.3 community edition.

 

I have tested use TAzureBlobService to access Azure emulator in my computer. And I get error response:

 

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:2e648c39-3ae5-4ff1-aef8-325878f77965
Time:2019-01-31T03:17:34.6280300Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'VRtiV8kOIdM0mdLAaMCmw3EbMhxvyA8D+Clxie739VU=' is not the same as any computed signature. Server used following string to sign: 'GET

x-ms-date:Thu, 31 Jan 2019 03:17:34 GMT
/devstoreaccount1/devstoreaccount1/pcplayer1?comp=list'.</AuthenticationErrorDetail></Error>

 

and I searched on WEB, found two posts like this error:

 

1. https://www.delphipraxis.net/197152-tazureblobservice-geht-nicht-mit-android.html

2. https://forums.embarcadero.com/thread.jspa?threadID=218127

 

So, is it a bug of Delphi TAzureBlobService ?

 

I make a MappedPort program to emulator a proxy by using TIdMappedPortTCP add a TIdLogFile to log all access to Azure.

I use Microsoft Azure Storage Explorer to access my Azure emulator, log it:

 

Recv 2019/1/31 9:30:50: GET /devstoreaccount1/?comp=properties&restype=service&_=1548898250197 HTTP/1.1
x-ms-client-request-id: d7774230-24f7-11e9-8121-d92073b6b410
user-agent: Microsoft Azure Storage Explorer, 1.6.2, win32, Azure-Storage/2.10.0 (NODE-VERSION v8.9.3; Windows_NT 10.0.17134)
x-ms-version: 2018-03-28
x-ms-date: Thu, 31 Jan 2019 01:30:50 GMT
accept: application/atom+xml,application/xml
Accept-Charset: UTF-8
content-type: 
content-length: 0
authorization: SharedKey devstoreaccount1:AzOgFuwIyAjaMky5nllpbLF3ihtgyoDJCNn1EZwubEc=
host: 192.168.8.5:801
Connection: keep-alive


Sent 2019/1/31 9:30:50: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/xml
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dbf72dc0-ceb8-43a3-8758-72bbe10fee00
x-ms-version: 2018-03-28
Date: Thu, 31 Jan 2019 01:30:50 GMT

212
<?xml version="1.0" encoding="utf-8"?><StorageServiceProperties><Logging><Version>1.0</Version><Read>false</Read><Write>false</Write><Delete>false</Delete><RetentionPolicy><Enabled>false</Enabled></RetentionPolicy></Logging><HourMetrics><Version>1.0</Version><Enabled>false</Enabled><RetentionPolicy><Enabled>false</Enabled></RetentionPolicy></HourMetrics><MinuteMetrics><Version>1.0</Version><Enabled>false</Enabled><RetentionPolicy><Enabled>false</Enabled></RetentionPolicy></MinuteMetrics><Cors /></StorageServiceProperties>

Sent 2019/1/31 9:30:50: 0


Recv 2019/1/31 9:30:50: GET /devstoreaccount1/pcplayer1?restype=container&comp=acl&_=1548898250786 HTTP/1.1
x-ms-client-request-id: d7d0faf0-24f7-11e9-8121-d92073b6b410
user-agent: Microsoft Azure Storage Explorer, 1.6.2, win32, Azure-Storage/2.10.0 (NODE-VERSION v8.9.3; Windows_NT 10.0.17134)
x-ms-version: 2018-03-28
x-ms-date: Thu, 31 Jan 2019 01:30:50 GMT
accept: application/atom+xml,application/xml
Accept-Charset: UTF-8
content-type: 
content-length: 0
authorization: SharedKey devstoreaccount1:o3/xHdDlKczItY778kXx22ph9HWGwj4hJRDdzYze5u0=
host: 192.168.8.5:801
Connection: keep-alive


Sent 2019/1/31 9:30:50: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/xml
Last-Modified: Wed, 30 Jan 2019 14:41:03 GMT
ETag: "0x8D686C0F58A53B0"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e0991d7a-7682-47d9-afe5-d00e6b9b5e91
x-ms-version: 2018-03-28
x-ms-blob-public-access: container
Date: Thu, 31 Jan 2019 01:30:50 GMT

3E
<?xml version="1.0" encoding="utf-8"?><SignedIdentifiers />

Sent 2019/1/31 9:30:50: 0


Recv 2019/1/31 9:30:52: HEAD /devstoreaccount1/pcplayer1?restype=container&_=1548898251862 HTTP/1.1
x-ms-client-request-id: d8752a30-24f7-11e9-8121-d92073b6b410
user-agent: Microsoft Azure Storage Explorer, 1.6.2, win32, Azure-Storage/2.10.0 (NODE-VERSION v8.9.3; Windows_NT 10.0.17134)
x-ms-version: 2018-03-28
x-ms-date: Thu, 31 Jan 2019 01:30:51 GMT
accept: application/atom+xml,application/xml
Accept-Charset: UTF-8
content-type: 
content-length: 0
authorization: SharedKey devstoreaccount1:KXbz/5+aW2BA2+YIlLxJKT0+kG8tW/L3yghB8ju+CLI=
host: 192.168.8.5:801
Connection: keep-alive


Sent 2019/1/31 9:30:52: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Last-Modified: Wed, 30 Jan 2019 14:41:03 GMT
ETag: "0x8D686C0F58A53B0"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 46d2e105-0584-4832-8d28-090a6cb4a583
x-ms-version: 2018-03-28
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-public-access: container
Date: Thu, 31 Jan 2019 01:30:52 GMT


Recv 2019/1/31 9:30:53: GET /devstoreaccount1/pcplayertest?restype=container&comp=acl&_=1548898252875 HTTP/1.1
x-ms-client-request-id: d8752a33-24f7-11e9-8121-d92073b6b410
user-agent: Microsoft Azure Storage Explorer, 1.6.2, win32, Azure-Storage/2.10.0 (NODE-VERSION v8.9.3; Windows_NT 10.0.17134)
x-ms-version: 2018-03-28
x-ms-date: Thu, 31 Jan 2019 01:30:52 GMT
accept: application/atom+xml,application/xml
Accept-Charset: UTF-8
content-type: 
content-length: 0
authorization: SharedKey devstoreaccount1:LsU8wpcHSisV8q7E2+SJruQTGu+Z/8fZdzN4t9QtN1o=
host: 192.168.8.5:801
Connection: keep-alive


Sent 2019/1/31 9:30:53: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/xml
Last-Modified: Mon, 28 Jan 2019 13:15:01 GMT
ETag: "0x8D685229BE2FAF0"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aea17fb0-c8d9-4597-942b-18ee7ab499d1
x-ms-version: 2018-03-28
Date: Thu, 31 Jan 2019 01:30:53 GMT

3E
<?xml version="1.0" encoding="utf-8"?><SignedIdentifiers />

Sent 2019/1/31 9:30:53: 0


and my Delphi program that use TAzureBlobService access my emulator log is:

Recv 2019/1/31 10:49:07: GET /devstoreaccount1/pcplayer1?restype=container&comp=list&timeout=30 HTTP/1.1
Connection: Keep-Alive
Authorization: SharedKey devstoreaccount1:MX5XX4cHbVB7/f/+1dkpj9pZ7O49K4CEbFUcEfv6N/o=
User-Agent: Embarcadero URI Client/1.0
x-ms-date: Thu, 31 Jan 2019 02:47:18 GMT
x-ms-version: 2015-02-21
Host: 192.168.8.5:801


Sent 2019/1/31 10:49:07: HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Content-Length: 712
Content-Type: application/xml
Server: Microsoft-HTTPAPI/2.0
x-ms-request-id: 28db5ef4-6107-471c-b28f-4eb85cf0a808
Date: Thu, 31 Jan 2019 02:49:07 GMT

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:28db5ef4-6107-471c-b28f-4eb85cf0a808
Time:2019-01-31T02:49:07.4405300Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'MX5XX4cHbVB7/f/+1dkpj9pZ7O49K4CEbFUcEfv6N/o=' is not the same as any computed signature. Server used following string to sign: 'GET

x-ms-date:Thu, 31 Jan 2019 02:47:18 GMT
x-ms-version:2015-02-21
/devstoreaccount1/devstoreaccount1/pcplayer1
comp:list
restype:container
timeout:30'.</AuthenticationErrorDetail></Error>

 

So,  it like TAzureBlobService do a wrong calculation about the signature.

 

Share this post


Link to post

I found where the problem is.

 

I write a MappedPort program by using TIdMappedPortTCP and record any access bytes through it. This MappedPort program forward all access to my Azure emulator.

And I setup TAzureBlobService to access this mappedPort program. So I can see the http content it send to Azure. And I got:  Authorization: SharedKey devstoreaccount1:1OhravTUJ9HaYtwSrpAZnWH+NklYbr0EBllG9zyKNLU=

 

It is no problem here.

 

I setup a break point in TCloudAuthentication.BuildAuthorizationString, step by step to check "StringToSign" and I got:

[

GET
x-ms-date:Sat, 02 Feb 2019 03:36:19 GMT
x-ms-version:2015-02-21
/devstoreaccount1/pcplayer1
comp:list
restype:container
timeout:30'

]

 

but, the error message from Azure emulator shows:

Server used following string to sign: 'GET

x-ms-date:Thu, 31 Jan 2019 02:47:18 GMT
x-ms-version:2015-02-21
/devstoreaccount1/devstoreaccount1/pcplayer1
comp:list
restype:container
timeout:30

 

there is some different:  /devstoreaccount1/pcplayer1  and /devstoreaccount1/devstoreaccount1/pcplayer1

 

So, I use the sinString the error message the Azure emulator tell me as template, I write code myself to create my own HTTP content and send it by TIdTcpClient,and my Azure emulator accept it! It works fine.

 

Another problem is: TAzureBlobService can not support Azure's SAS mode, it just support shared key mode.

Edited by pcplayer99

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×