powershell azure-storage azure-table-storage azure-authentication shared-access-signatures

Running a query against an Azure storage table returns 403 AuthenticationFailed, but returning all entries in a table returns 200 OK

I am unable to query storage tables using this documentation.

Here is the function I am using to get a shared key in order to authenticate against the Azure storage table.

function Get-SharedKeyLiteAuthHeader {
    param(
        [Parameter(Mandatory = $TRUE)]
        [String]
        $StorageAccount,
        [Parameter(Mandatory = $TRUE)]
        [String]
        $TableName,
        [Parameter(Mandatory = $TRUE)]
        [String]
        $AccessKey,
        [Parameter(Mandatory = $FALSE)]
        [String]
        $Version = "2020-04-08"
    )
    $GMTTime = (Get-Date).ToUniversalTime().toString('R')
    $StringToSign = "$GMTTime`n/$($StorageAccount)/$($TableName)"
    $Hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $Hmacsha.key = [Convert]::FromBase64String($AccessKey)
    $Signature = $Hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($StringToSign))
    $Signature = [Convert]::ToBase64String($Signature)

    return @{
        'x-ms-date'    = $GMTTime
        Authorization  = "SharedKeyLite " + $StorageAccount + ":" + $Signature
        "x-ms-version" = $Version
        Accept         = "application/json;odata=fullmetadata"
    }
}

Here is the REST call I am making that returns all table entries & returns a status code of 200.

$Uri = "https://$($StorageAccount).table.core.windows.net/$($TableName)"
$Headers = Get-SharedKeyLiteAuthHeader -StorageAccount $StorageAccount -TableName $TableName -AccessKey $AccessKey

$AllEntries = Invoke-RestMethod -Method GET -Uri $Uri -Headers $Headers -ContentType application/json

Here is the REST call I am making that returns 403 AuthenticationFailed.

$Uri = "https://$($StorageAccount).table.core.windows.net/$($TableName)()?$top=2"
$Headers = Get-SharedKeyLiteAuthHeader -StorageAccount $StorageAccount -TableName $TableName -AccessKey $AccessKey

$SomeEntries = Invoke-RestMethod -Method GET -Uri $Uri -Headers $Headers -ContentType application/json

My end goal is to filter by date, but I can't get any of the query parameters working. I suspect it has to do with missing header elements, but I can't pin down what those might be as this documentation that discusses the header elements required lists all of the elements that I have already specified.

Any help is appreciated - thank you.

Solution

Try to change the URL, just delete the () :

https://$($StorageAccount).table.core.windows.net/$($TableName)?$top=2

I tried with the your code, it return AuthenticationFailed.

Invoke-RestMethod : {"odata.error":{"code":"AuthenticationFailed","message":{"lang":"en-US","value":"Server failed to authenticate the request. Make sure the value of Authorization 
header is formed correctly including the signature.

Maybe you will change StringToSign when getting this error. However, it is correct and no need to add query string, see here.

The query string should include the question mark and the comp parameter (for example, ?comp=metadata). No other parameters should be included on the query string.