stackoom
  简体   繁体   中英

Authorization Failure when accessing Azure table via SAS on Xamarin

 原文  2017-01-17 18:25:01       azure/ xamarin/ xamarin.forms/ azure-table-storage/ azure-app-api

Question

I have set up a custom API to generate a SAS token for my Xamarin app. Once I have received the token on the app, I connect to the table and try to run .ExistsAsync() to confirm that I can communicate with the table. I'm running into an issue where I have generated a SAS properly (though I'm wondering if the start/end times are off), but I'm getting an Authorization Failure when I try to call ExistsAsync(). Listed below is my SAS generation API, my Xamarin app methods calling ExistsAsync(), and the error message I am receiving.

Custom API for SAS generation: 

module.exports = {
    "post": function (req, res, next) {
        var azure = require('azure-storage');
        var tableName = req.body.Table;

        // First 2 parameters are account name and key for your service
        var tableService = azure.createTableService('ACCOUNT_NAME', 'ACCOUNT_KEY', 'ACCOUNT_URL');

        // creating the table we want the token for - on the off chance it's not there yet
        tableService.createTableIfNotExists(tableName, function (err, result, response) {
            if (!err) {
                var expiryDate = new Date();
                var startDate = new Date();
                expiryDate.setMinutes(startDate.getMinutes() + 100);
                startDate.setMinutes(startDate.getMinutes() - 100);

                var sharedAccessPolicy = {
                    AccessPolicy: {
                        Permissions: 'raud', // requesting read, add, update and delete
                        Start : startDate,
                        Expiry: expiryDate
                    },
                };

                var tableSAS = tableService.generateSharedAccessSignature(tableName, sharedAccessPolicy);
                res.send(200, { Token : tableSAS });
            } else {
                res.send(500, { Token : "Error creating table"});
            }  
        });
    }
};

Xamarin app code for Table connection (Calling TestDataConnection()): 

public async Task<bool> TestDataConnection()
{
    if( tableClient == null ) {
        await ConnectToDatabase();
    }
    CloudTable table = tableClient.GetTableReference("MeasurementJournal");
    bool exists = false;
    try {
        exists = await table.ExistsAsync();
    } catch (Exception e) {
        Debug.WriteLine("Error checking if table exists: " + e.ToString());
    }
    return exists;
}

private async Task<bool> ConnectToDatabase()
{
    // Get credentials
    var credentials = await GetStorageCredentials();

    // Create client
    tableClient = new CloudTableClient(new Uri(Utility.ProjectConstants.tableServiceUrl), credentials);

    return true;
}

/**
 * GetStorageCredentials
 * 
 * Gets storage credentials from sas custom API
 */
private async Task<StorageCredentials> GetStorageCredentials()
{
    string token = "NULL";

    try {
        MobileServiceClient serviceClient = new MobileServiceClient(ACCOUNT_URL);

        //create req
        Model.SasRequest req = new Model.SasRequest();
        req.Table = "MeasurementJournal";

        //send req
        Model.SasResponse response = await serviceClient.InvokeApiAsync<Model.SasRequest, Model.SasResponse>(API_EXTENSION, req, HttpMethod.Post, null);

        //save token from response
        token = response.Token;
    } catch (Exception e) {
        Debug.WriteLine("Received exception: " + e.ToString());
    }
    return new StorageCredentials(token);
}

Error Message: 

01-07 16:13:22.374 28311 28311 I mono-stdout: Error checking if table exists: Microsoft.WindowsAzure.Storage.WrappedStorageException (0x80041193): <?xml version="1.0" encoding="utf-16"?>
01-07 16:13:22.374 28311 28311 I mono-stdout: <!--An exception has occurred. For more information please deserialize this message via RequestResult.TranslateFromExceptionMessage.-->
01-07 16:13:22.374 28311 28311 I mono-stdout: <RequestResult>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <HTTPStatusCode>403</HTTPStatusCode>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <HttpStatusMessage>Forbidden</HttpStatusMessage>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <TargetLocation>Primary</TargetLocation>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <ServiceRequestID>f90ae37f-0002-0030-1d33-693dbe000000</ServiceRequestID>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <ContentMd5 />
01-07 16:13:22.374 28311 28311 I mono-stdout:   <Etag />
01-07 16:13:22.374 28311 28311 I mono-stdout:   <RequestDate>Sat, 07 Jan 2017 16:13:22 GMT</RequestDate>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <StartTime>Sat, 07 Jan 2017 22:13:21 GMT</StartTime>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <EndTime>Sat, 07 Jan 2017 22:13:22 GMT</EndTime>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <Error>
01-07 16:13:22.374 28311 28311 I mono-stdout:     <Code>AuthorizationFailure</Code>
01-07 16:13:22.374 28311 28311 I mono-stdout:     <Message>This request is not authorized to perform this operation.
01-07 16:13:22.374 28311 28311 I mono-stdout: RequestId:f90ae37f-0002-0030-1d33-693dbe000000
01-07 16:13:22.374 28311 28311 I mono-stdout: Time:2017-01-07T22:13:22.5850271Z</Message>
01-07 16:13:22.374 28311 28311 I mono-stdout:   </Error>
01-07 16:13:22.374 28311 28311 I mono-stdout:   <ExceptionInfo>
01-07 16:13:22.374 28311 28311 I mono-stdout:     <Type />
01-07 16:13:22.374 28311 28311 I mono-stdout:     <HResult>-2146233088</HResult>
01-07 16:13:22.374 28311 28311 I mono-stdout:     <Message>Unexpected response code, Expected:OK or NotFound, Received:Forbidden</Message>
01-07 16:13:22.374 28311 28311 I mono-stdout:     <Source>Microsoft.WindowsAzure.Storage</Source>
01-07 16:13:22.374 28311 28311 I mono-stdout:     <StackTrace>  at Microsoft.WindowsAzure.Storage.Core.Executor.Executor+&lt;ExecuteAsyncInternal&gt;d__6`1[T].MoveNext () [0x0095a] in &lt;b3bed838f8344d41a1a82c4a3b228bac&gt;:0 </StackTrace>
01-07 16:13:22.374 28311 28311 I mono-stdout:   </ExceptionInfo>
01-07 16:13:22.374 28311 28311 I mono-stdout: </RequestResult> ---> Microsoft.WindowsAzure.Storage.StorageException: Unexpected response code, Expected:OK or NotFound, Received:Forbidden
01-07 16:13:22.374 28311 28311 I mono-stdout:   at Microsoft.WindowsAzure.Storage.Core.Executor.Executor+<ExecuteAsyncInternal>d__6`1[T].MoveNext () [0x0095a] in <b3bed838f8344d41a1a82c4a3b228bac>:0
01-07 16:13:22.374 28311 28311 I mono-stdout: Request Information
01-07 16:13:22.374 28311 28311 I mono-stdout: RequestID:f90ae37f-0002-0030-1d33-693dbe000000
01-07 16:13:22.374 28311 28311 I mono-stdout: RequestDate:Sat, 07 Jan 2017 16:13:22 GMT
01-07 16:13:22.374 28311 28311 I mono-stdout: StatusMessage:Forbidden
01-07 16:13:22.374 28311 28311 I mono-stdout: ErrorCode:AuthorizationFailure

2 answers

solution1
 1 ACCPTED  2017-01-19 07:52:31

CloudTable.ExistsAysnc() calls Query Tables REST API, so the table SAS with QueryEntity permission isn't authorized for this operation. You'd need account key or account SAS to run CloudTable.ExistsAysnc() method.

solution2
 0  2017-01-17 19:17:45

I believe you have discovered a bug in the library. I am able to reproduce this error. I would recommend filing an issue for the same on Github.

In the meantime, another way you can check for the existence of the table is by querying the table and try to fetch just one record. It doesn't matter if the table is empty or contains any records. If the table doesn't exist, the operation will give 404 error.

Here's a sample code to do so: 

        var cred = new StorageCredentials(accountName, accountKey);
        var account = new CloudStorageAccount(cred, true);
        var client = account.CreateCloudTableClient();
        var table = client.GetTableReference("Hello1");
        var sas = table.GetSharedAccessSignature(new SharedAccessTablePolicy()
        {
            Permissions = SharedAccessTablePermissions.Query,
            SharedAccessExpiryTime = DateTime.UtcNow.AddDays(1),
            SharedAccessStartTime = DateTime.UtcNow.AddDays(-1)
        });
        var tableClient = new CloudTableClient(account.TableEndpoint, new StorageCredentials(sas));
        table = tableClient.GetTableReference("Hello1");
        var queryResult = table.ExecuteQuerySegmented(new TableQuery()
        {
            TakeCount = 1
        }, null);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure Blob Storage authorization with SAS Azure Schema Registry: SAS authorization Sporadic 403 forbidden when accessing Azure blob storage through SAS MSI Authorization error when trying to send request via Azure Function azure blob download via SAS Azure: SAS is rejected with Blob Download Failure when attempting to copy blob to storage account in different tenant? Azure AKS-API (Preview Authorization Failure Getting “Authorization Failure (401)” when updating an Azure Service Bus Subscription using REST API Azure Table Storage SAS REST Getting access denied when accessing Azure Web App via token
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM