List Blobs using Azure API Rest returns Forbidden
I'm trying to get the list of blobs inside a folder using the Azure Rest API and I'm getting 403 Forbidden for a problem building the authorization signature for the Shared Key.
Here is my source code:
// Build the authorization signature
var requestDate = DateTime.UtcNow.ToString("R");
var canonicalizedResource = $"/{accountName}/{containerName} \ncomp:list\nprefix:contacts/{contactId}\nrestype:container";
var stringToSign = $"GET\n\n\n\n\n\n\n\n\n\n\n\n{requestDate}\nx-ms-version:2023-08-03\n{canonicalizedResource}";
string signature;
using (var hmac = new HMACSHA256(Convert.FromBase64String(accessKey)))
{
var dataToHmac = Encoding.UTF8.GetBytes(stringToSign);
signature = Convert.ToBase64String(hmac.ComputeHash(dataToHmac));
}
// Make the HTTP GET request
var url = $"https://{accountName}.blob.core.windows.net/{containerName}?restype=container&comp=list&prefix=contacts/{contactId}";
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("x-ms-version", "2023-08-03");
client.DefaultRequestHeaders.Add("x-ms-date", requestDate);
client.DefaultRequestHeaders.Add("Authorization", $"SharedKey {accountName}:{signature}");
var response = await client.GetAsync(url);
// Process the response
if (response.IsSuccessStatusCode)
{
var responseContent = await response.Content.ReadAsStringAsync();
Console.WriteLine("List of blobs in the container:");
Console.WriteLine(responseContent);
}
else
{
Console.WriteLine($"Error getting list of blobs. Status code: {response.StatusCode}");
}
}
Am I missing something?
Solution
List Blobs using Azure API Rest returns Forbidden.
I agree with Gaurav Mantri's comment. The above error occurs when you pass the wrong parameters in stringtosign in the code.
Here is the modified code to list the blob in a particular folder from Azure Blob Storage:
Code:
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;
class Program
{
static async Task Main(string[] args)
{
var accountName = "venkat123";
var containerName = "test";
var contactId = "contacts/ContactId";
var accessKey = "your access key";
var apiversion = "2023-08-03";
DateTime dt = DateTime.UtcNow;
string StringToSign = String.Format("GET\n"
+ "\n" // content encoding
+ "\n" // content language
+ "\n" // content length
+ "\n" // content md5
+ "\n" // content type
+ "\n" // date
+ "\n" // if modified since
+ "\n" // if match
+ "\n" // if none match
+ "\n" // if unmodified since
+ "\n" // range
+ "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:" + apiversion + "\n" // headers
+ "/{0}/{1}\ncomp:list\nprefix:{2}\nrestype:container", accountName, containerName,contactId);
string signature;
using (var hmac = new HMACSHA256(Convert.FromBase64String(accessKey)))
{
var dataToHmac = Encoding.UTF8.GetBytes(StringToSign);
signature = Convert.ToBase64String(hmac.ComputeHash(dataToHmac));
}
// Make the HTTP GET request
var url = $"https://{accountName}.blob.core.windows.net/{containerName}?restype=container&comp=list&prefix={contactId}";
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("x-ms-version", "2023-08-03");
client.DefaultRequestHeaders.Add("x-ms-date", dt.ToString("R"));
client.DefaultRequestHeaders.Add("Authorization", $"SharedKey {accountName}:{signature}");
var response = await client.GetAsync(url);
// Process the response
if (response.IsSuccessStatusCode)
{
var responseContent = await response.Content.ReadAsStringAsync();
var xmlDoc = XDocument.Parse(responseContent);
Console.WriteLine("List of blobs in the container:");
Console.WriteLine(xmlDoc.ToString(SaveOptions.None));
}
else
{
Console.WriteLine($"Error getting list of blobs. Status code: {response.StatusCode}");
}
}
}
}
Output:
List of blobs in the container:
<EnumerationResults ServiceEndpoint="https://venkat123.blob.core.windows.net/" ContainerName="test">
<Prefix>ContactId</Prefix>
<Blobs>
...
</Blobs>
<NextMarker />
</EnumerationResults>
Reference: List Blobs (REST API) - Azure Storage | Microsoft Learn
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs