powershell script listing objects on azure blob container 403 This request is not authorized to perform this operation

Question

I have generated a SAS token from azure with the intention of using it to access a container within the storage account. I have left all the permissions, got every one of them ticked. The token got generated and I am using the code snippet below.

$TLS12Protocol = [System.Net.SecurityProtocolType] 'Ssl3 , Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol
$ctx = New-AzStorageContext -StorageAccountName "my-storage-account"  -sastoken "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
get-azstoragecontainer -container "my-container" -Context $ctx -Debug

I get the error below, and I'm unsure as to what I'm missing.

x-ms-version:2021-06-08
Accept:application/xml
User-Agent:AzurePowershell/v1.0.0,azsdk-net-Storage.Blobs/12.12.0 (.NET Framework 4.8.4515.0; Microsoft Windows 10.0.19044 )
x-ms-client-request-id:abb66a91-xxxx-43e9-9391-xxxxxxxx
x-ms-return-client-request-id:true
client assembly: Azure.Storage.Blobs
DEBUG: Response [abb66a91-xxxx-43e9-9391-xxxxxxxx] 200 OK (00.1s)
x-ms-request-id:88fd2933-101e-0062-749d-35abda000000
x-ms-client-request-id:abb66a91-xxxx-43e9-9391-xxxxxxxx
x-ms-version:2021-06-08
x-ms-meta-hdi_version:REDACTED
x-ms-lease-status:unlocked
x-ms-lease-state:available
x-ms-has-immutability-policy:false
x-ms-has-legal-hold:false
x-ms-immutable-storage-with-versioning-enabled:REDACTED
x-ms-default-encryption-scope:$account-encryption-key
x-ms-deny-encryption-scope-override:false
Content-Length:0
Date:Tue, 31 Jan 2023 09:54:59 GMT
ETag:"0x8DA81EFF05B25D0"
Last-Modified:Fri, 19 Oct 2022 19:34:35 GMT
Server:Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0

DEBUG: Request [dt45454-3b50-4ede-a572-dtrtrt] GET https://xxxxxxx.blob.core.windows.net/my-container?sv=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

x-ms-version:2021-06-08
Accept:application/xml
User-Agent:AzurePowershell/v1.0.0,azsdk-net-Storage.Blobs/12.12.0 (.NET Framework 4.8.4515.0; Microsoft Windows 10.0.19044 )
x-ms-client-request-id:dt45454-3b50-4ede-a572-dtrtrt
x-ms-return-client-request-id:true
client assembly: Azure.Storage.Blobs
DEBUG: Error response [dt45454-3b50-4ede-a572-dtrtrt] 403 This request is not authorized to perform this operation. (00.0s)
x-ms-request-id:fdsf7823f-101e-0062-079d-35abda1111
x-ms-client-request-id:dt45454-3b50-4ede-a572-dtrtrt
x-ms-version:2021-06-08
x-ms-error-code:AuthorizationFailure
Content-Length:246
Content-Type:application/xml
Date:Tue, 31 Jan 2023 09:54:59 GMT
Server:Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0



   Storage Account Name: my-storage-account

Name                 PublicAccess         LastModified                   IsDeleted  VersionId        
----                 ------------         ------------                   ---------  ---------        
my-container                                   19/08/2022 14:34:35 +00:00                                 
DEBUG: 09:54:57 - GetAzureStorageContainerCommand end processing, Start 0 remote calls. Finish 0 remote calls. Elapsed time 1148024.64 ms. Client operation id: Azure-Storage-PowerShell-.
DEBUG: AzureQoSEvent: Module: Az.Storage:4.6.0; CommandName: Get-AzStorageContainer; PSVersion: 5.1.19041.2364; IsSuccess: True; Duration: 00:00:00.1344053
DEBUG: Finish sending metric.
DEBUG: 09:54:57 - GetAzureStorageContainerCommand end processing.

Answer 1

The logs you've indicated above aren't errors; rather, they're logs debugging response you've been getting because of -DEBUG command. If you intend not to get any of such responses and to use the objects on azure blob container, you can remove -DEBUG and store the values of it into a variable. I used the same code as yours and got the below results without using debug :