We want to be able to give access to some users to a container that they can see a list of their files in the browser, click on them to read them.
I created a storage account. A container with public access and have created few blobs in a container and have set the container public access level to read.
But when I try to access that container in the browser I get the following error. I created a SAS token for it in storage explorer.
https://teststorageaccount21.blob.core.windows.net/publicc?sv=2019-12-12&st=2021-02-08T20%3A58%3A42Z&se=2021-03-09T20%3A58%3A00Z&sr=c&sp=rl&sig=AjF0IpWIBGZtBeKcOodd8HieENZ0F3Cuig54Y8e0oIM%3D
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:9cb791c8-a01e-0016-625f-fe693a000000 Time:2021-02-08T21:16:09.2176268Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was rl 2021-02-08T20:58:42Z 2021-03-09T20:58:00Z /blob/teststorageaccount21/$root 2019-12-12 c </AuthenticationErrorDetail>
</Error>
When I try to access a blob within that container, I can access it without any problems.
This link can be used to see the file
https://teststorageaccount21.blob.core.windows.net/publicc/MyTest1.csv?sv=2019-12-12&st=2021-02-08T21%3A20%3A53Z&se=2021-03-09T21%3A20%3A00Z&sr=b&sp=r&sig=%2Bw8oi73NUU4w%2FqgSAsNvjVHwBi0SgaoQAK6%2BF8P8QQs%3D
Why am I not able to see the list of blobs at the container level with public access. Also, I need help in understanding that authentication error. Not sure what signature didnt match.
Your SAS token is blob level, you need to generate SAS token in container level:
If you list blobs by https://<storage-account-name>.blob.core.windows.net/<container>?<sas-token> in the browser, you will receive an error:
<Error>
<Code>ContainerNotFound</Code>
<Message>The specified container does not exist. RequestId:54174bad-401e-0046-218e-fe53dd000000 Time:2021-02-09T02:52:30.1104394Z</Message>
</Error>
So you need to use List Blobs API, please use this format URL:
https://<storage-account-name>.blob.core.windows.net/<container>?restype=container&comp=list&<sas-token>
Related
I am trying to dynamically create email accounts for users via the CPanel API. According to the documentation here, an access token can be used to call the API endpoints. I have an access token generated already but I keep getting acccess denied. I already tried generating another access token just incase the first one was wrong but Its still the same error.
My curl command is in this format as specified in the docs:
curl -H'Authorization: cpanel username:U7HMR63FHY282DQZ4H5BIH16JLYSO01M' 'https://example.com:2083/execute/Email/add_pop?email=newuser&password=12345luggage'
What could I be doing wrong please ?
I am trying to get blob content present in my Azure storage container using Postman.
I created a Service Principal in Azure Ad and got access token successfully using scope as https://storage.azure.com/.default
I am trying to call query in Postman like below:
GET
https://storageaccountname.blob.core.windows.net/containername/filename
When I am calling the above query to get the blob, I got the below error:
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:d60dec8d-401e-0084-0ccd-8be567000000
Time:2022-06-27T15:33:38.4195186Z</Message>
<AuthenticationErrorDetail>Authentication scheme Bearer is not supported in this version.</AuthenticationErrorDetail>
</Error>
What does the above error mean? Please help me to get rid of the error.
The error usually occurs if you missed adding x-ms-version header while calling the query.
I tried to reproduce the same in my environment and got the same error like below:
To resolve the error, I added x-ms-version header like below and got the blob content successfully:
I want to use Google Drive API to manage files programaticaly.
To do that, I use ID clients OAuth 2.0 Web Application. In OAuth consent screen (Edit App), I check .../auth/drive and .../auth/drive.readonly scopes.
I'm log in, I have token.json file. I can list and download files
Now, when I want to delete file, I do this in python : service.files().delete(fileId=item['id']).execute(). But I have this issue :
An error occurred: <HttpError 403 when requesting https://www.googleapis.com/drive/v3/files/<fileID>? returned "The user has not granted the app <appID> write access to the file <fileID>.". Details: "[{'message': 'The user has not granted the app <appID> write access to the file <fileID>.', 'domain': 'global', 'reason': 'appNotAuthorizedToFile', 'location': 'Authorization', 'locationType': 'header'}]">
What I do wrong ?
Thanks in advance !
The scopes declared in Google cloud console are mainly for use with verification of your application. Its your code that defines what scopes your application is requesting of the user.
I am going to assume that you are following the Quick start for python or quick start for node.js both use token.json for credential storage. The answer is the same either way.
This sample shows you how to use the files.list method which allows for a readonly scope.
While the file.delete does not allow for a readonly scope it requires write access.
Fix
In the code you can see that the scope is readonly
SCOPES = ['https://www.googleapis.com/auth/drive.metadata.readonly']
This means that when the user authorized your app they authorized it with a readonly scope giving you access to read the files only. This the users credentials are now stored in token.json
To fix your issue change the scope to
SCOPES = ['https://www.googleapis.com/auth/drive.metadata.readonly']
Then delete the token.json file and your app should now be resting full drive access giving you the ability to make changes like delete the files.
I am using your service through the IWD store locator. My credentials are entered in to the system and the map is not showing. Support from IWD said to give you this error and see if we can fix it.
H.service.jsonp.handleResponse(8)(<ns2:Error xmlns:ns2="http://www.navteq.com/lbsp/Errors/1" type="PermissionError" subtype="InvalidCredentials">invalid credentials for fFHA1J6L0plavYxkzTLa</ns2:Error>)
According to the error message are your credentials not valid to access the Here API.
How the integration of the Here API and Services is done within the IWD store locator can only the Support from IWD explain. Please reach out to them.
I have some png files stored in Azure file Storage, and I'm retrieving and displaying it from my MVC web project to the browser. But sometimes I get the below error message from browser console.
Failed to load resource: the server responded with a status of 400
(Condition headers are not supported.)
If I refresh the page again, the error message disappears automatically. But it doesn't solve my problem as I run my MVC project again, the same error comes back. How to solve it?
It's acutally a common issue on Azure Storage, which be listed in the offical reference Common REST API Error Codes as the figure below.
It means that Get File REST API does not support those request headers which not be listed in the Request Headers.
There is a similar SO thread Azure File Storage Error: Condition Headers Are Not Supported, which got the same issue with yours. It seems to show up different behavior in different browses when you get a file from Azure File Storage.
I could not reproduce this issus by a file url with SAS token, but I really recommend that you need to store these static files like images on Azure Blob Storage, as I known and as Azure best practice, to show an image by its url with sas token or a public container.