
Azure create blob container using REST api and managed identity - 403 error

I am trying to create a blob container under a storage account using the REST API.

I am using managed identity (for app service, node application) to interact with storage account. This managed identity has necessary permission on resource group and storage account - storage account contributor and storage blob data contributor

Here are the steps I'm following:

The mandatory headers I'm sending in the 2nd step are:

  • Authorization: Bearer access-token
  • x-ms-date: 2021-06-17T09:01:48.667Z
  • x-ms-version: 2020-04-08

I'm getting: statusCode: 403, statusMessage: 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.'

Is there anything I'm missing while sending the authorization header? I couldn't find any example of calling the create container API using managed identity.

Another option would be to use blob storage sdk ( https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-nodejs ) but couldn't find any samples of creating container using managed identity.

Any pointers to make this work are greatly appreciated.

Thanks,

First, you couldn't call REST API with managed identity. Authorization header needs the authorization scheme, account name, and signature.


Manage blobs with JavaScript v12 SDK in Node.js:

You could use @azure/identity for managed identity.

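const { ManagedIdentityCredential } = require("@azure/identity");
const { BlobServiceClient } = require("@azure/storage-blob");

// Storage account name (placeholder)
const account = "<STORAGE_ACCOUNT_NAME>";

// Client ID of the user-assigned managed identity
const credential = new ManagedIdentityCredential("<USER_ASSIGNED_MANAGED_IDENTITY_CLIENT_ID>");

// The credential supplies the access tokens for the requests this client sends
const blobServiceClient = new BlobServiceClient(
    `https://${account}.blob.core.windows.net`,
    credential
);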
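
Continuing from the client constructed above, an added example (not part of the original answer) that creates the container and reports a 403 together with the service's error code. `ensureContainer`, `isValidContainerName` and the `STORAGE_ACCOUNT`, `MI_CLIENT_ID` and `CONTAINER_NAME` environment variables are assumed names.

```javascript
// Added example. ensureContainer, isValidContainerName and the environment
// variable names below are assumptions, not part of the SDK or the answer.

// Blob container names: 3-63 characters, lowercase letters, digits and single
// hyphens, beginning and ending with a letter or digit.
function isValidContainerName(name) {
  return /^(?=.{3,63}$)[a-z0-9]+(-[a-z0-9]+)*$/.test(name);
}

// Create the container if it is missing. `blobServiceClient` is a
// BlobServiceClient built with a ManagedIdentityCredential as in the answer.
async function ensureContainer(blobServiceClient, name) {
  if (!isValidContainerName(name)) {
    throw new Error(`invalid container name: ${name}`);
  }
  const containerClient = blobServiceClient.getContainerClient(name);
  try {
    // createIfNotExists() resolves with succeeded=false when the container exists
    const res = await containerClient.createIfNotExists();
    return { name, created: res.succeeded };
  } catch (err) {
    if (err.statusCode === 403) {
      // Keep the service error code so a role-assignment gap can be told apart
      const wrapped = new Error(
        `403 ${err.code || "Forbidden"} creating "${name}": verify the identity ` +
        "holds a blob data role such as Storage Blob Data Contributor on this account"
      );
      wrapped.cause = err;
      throw wrapped;
    }
    throw err;
  }
}

async function main() {
  const { ManagedIdentityCredential } = require("@azure/identity");
  const { BlobServiceClient } = require("@azure/storage-blob");
  // No client ID selects the system-assigned identity of the App Service
  const credential = process.env.MI_CLIENT_ID
    ? new ManagedIdentityCredential(process.env.MI_CLIENT_ID)
    : new ManagedIdentityCredential();
  const url = `https://${process.env.STORAGE_ACCOUNT}.blob.core.windows.net`;
  const client = new BlobServiceClient(url, credential);
  console.log(await ensureContainer(client, process.env.CONTAINER_NAME));
}

// Runs against Azure only when STORAGE_ACCOUNT is set in the environment
if (process.env.STORAGE_ACCOUNT) main().catch((e) => { console.error(e.message); process.exitCode = 1; });
```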
