
Azure Blob Storage blob access from Azure Active Directory (Azure AD) authentication

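    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.azure.storage.blob.BlobContainerClient;
    import com.azure.storage.blob.BlobServiceClient;
    import com.azure.storage.blob.BlobServiceClientBuilder;

    // Authenticate as an Azure AD service principal (values redacted).
    ClientSecretCredential clientSecret = new ClientSecretCredentialBuilder()
            .clientId("********-****-****-****-************")
            .tenantId("********-****-****-****-************")
            .clientSecret("*****~***************************~******")
            .build();

    BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
            .credential(clientSecret)
            .endpoint("https://sambhutestsa.blob.core.windows.net/")
            .buildClient();

    BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient("testcontainer");

    // downloadToFile returns the blob's properties after writing the file.
    System.out.printf("Identifier for the snapshot is %s%n",
            blobContainerClient.getBlobClient("2824891.jpg").downloadToFile("C:\\Users\\ss255248\\2824891.jpg"));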

But I am getting this error. Can someone please help here?

Exception in thread "main" com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:d813ea5f-d01e-004d-7b0f-656de3000000
Time:2022-05-11T08:13:50.0902556Z</Message></Error>

To resolve the error, please try the following:

Check whether you have the below roles assigned to your security principal:

If not, make sure to assign them as below:

Go to Azure Portal -> Identify the required scope (Subscription/Resource group) -> Access Control (IAM) -> Add Role assignment


  • Check whether your application has the below API permissions:


For more information, please refer to this MsDoc:

  • Otherwise, try setting the time zone to UTC-0.
  • Try adding comp=list&restype=container to your SAS URL as a workaround.
  • Make use of the snippet suggested in this SO thread.

For more detail, please refer to the links below:

Azure App Service rejected with 403 error by Storage Account - Stack Overflow

[Solved] Azure Shared Access Signature - Signature did not match - Local Coder
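
Added example, not part of the original question or answer: a small Java triage helper that parses a Storage error body of the shape shown in the question and separates a missing permission from a rejected credential or a network block. The class name, the constructed sample body and the wording of each diagnosis are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class Storage403Triage {
    // Constructed sample with the same shape as the error body in the question.
    static final String SAMPLE = "<?xml version=\"1.0\" encoding=\"utf-8\"?><Error>"
        + "<Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized "
        + "to perform this operation using this permission.\n"
        + "RequestId:00000000-0000-0000-0000-000000000000\n"
        + "Time:2022-01-01T00:00:00.0000000Z</Message></Error>";

    // Returns { error code, request id }; either may be "unknown".
    static String[] parse(String body) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The body arrives over the network: refuse DOCTYPEs so parsing cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8)));
        Node code = d.getElementsByTagName("Code").item(0);
        Node msg = d.getElementsByTagName("Message").item(0);
        Matcher m = Pattern.compile("RequestId:(\\S+)")
            .matcher(msg == null ? "" : msg.getTextContent());
        return new String[] {
            code == null ? "unknown" : code.getTextContent().trim(),
            m.find() ? m.group(1) : "unknown" };
    }

    static String diagnose(String code) {
        switch (code) {
            case "AuthorizationPermissionMismatch":
                return "Caller was authenticated, but its permissions do not cover this operation; "
                     + "for Azure AD, check the role assignment under Access Control (IAM).";
            case "AuthenticationFailed":
                return "Credential rejected: bad or expired token, or SAS/shared-key signature mismatch.";
            case "AuthorizationFailure":
                return "Request refused outright, commonly by storage firewall or network rules.";
            default:
                return "Unrecognized code; look it up before changing any access settings.";
        }
    }

    public static void main(String[] args) throws Exception {
        String[] r = parse(SAMPLE);
        System.out.println(r[0] + " (RequestId " + r[1] + "): " + diagnose(r[0]));
    }
}
```

Logging the parsed code and RequestId, rather than the whole exception text, keeps the record short and gives support a value to correlate with server-side logs.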
