azurepowershellazure-table-storageazure-tablequeryazure-tableclient

Why am I getting a 403 Forbidden error when trying to access Azure Table Storage?


I am using PowerShell to interact with Azure Table Storage, but I keep receiving a 403 Forbidden error. Here is the relevant part of my script:

function InsertReplaceTableEntity($TableName, $PartitionKey, $Rowkey, $entity) {
    $version = "2017-04-17"
    $resource = "$tableName(PartitionKey='$PartitionKey',RowKey='$Rowkey')"
    $table_url = "https://$storageAccount.table.core.windows.net/$resource"
    Write-Host "Table URL: $table_url"
    
    $GMTTime = (Get-Date).ToUniversalTime().toString('R')
    $stringToSign = "$GMTTime`n/$storageAccount/$resource"
    Write-Host "String to Sign: $stringToSign"

    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = [Convert]::FromBase64String($ADL_KEY)
    $signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    $signature = [Convert]::ToBase64String($signature)
    Write-Host "Signature: $signature"

    $headers = @{
        'x-ms-date'    = $GMTTime
        Authorization  = "SharedKeyLite " + $storageAccount + ":" + $signature
        "x-ms-version" = $version
        Accept         = "application/json;odata=fullmetadata"
    }
    Write-Host "Headers: $($headers | ConvertTo-Json)"

    $body = $entity | ConvertTo-Json
    Write-Host "$body"
    $item = Invoke-RestMethod -Method PUT -Uri $table_url -Headers $headers -Body $body -ContentType application/json
}  

Solution

  • Why am I getting a 403 Forbidden error when trying to access Azure Table Storage?

    The above error occurs when you have issue with authentication or authorization.

    I used the below script to insert the entity in the azure table storage.

    Script:

    $version = "2019-02-02"
    $storageAccount = "venkat326123"
    $ADL_KEY = "T3czZpu1gZ0nxxxxxxx=="
    $tableName = "table1"
    $PartitionKey = "name"
    $Rowkey = "venkatesan"
    $entity = @{
        "Property1" = "test"
        "Property2" = "key"
    }
    
    $resource = "$tableName(PartitionKey='$PartitionKey',RowKey='$Rowkey')"
    $table_url = "https://$storageAccount.table.core.windows.net/$resource"
    Write-Host "Table URL: $table_url"
    
    $GMTTime = (Get-Date).ToUniversalTime().toString('R')
    $stringToSign = "$GMTTime`n/$storageAccount/$resource"
    Write-Host "String to Sign: $stringToSign"
    
    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = [Convert]::FromBase64String($ADL_KEY)
    $signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    $signature = [Convert]::ToBase64String($signature)
    Write-Host "Signature: $signature"
    
    $headers = @{
        'x-ms-date'    = $GMTTime
        Authorization  = "SharedKeyLite " + $storageAccount + ":" + $signature
        "x-ms-version" = $version
        Accept         = "application/json;odata=fullmetadata"
    }
    Write-Host "Headers: $($headers | ConvertTo-Json)"
    
    $body = $entity | ConvertTo-Json
    Write-Host "$body"
    $item = Invoke-RestMethod -Method PUT -Uri $table_url -Headers $headers -Body $body -ContentType application/json
     Write-Host "Entity updated successfully."
    

    Output:

    Table URL: https://venkat326123.table.core.windows.net/table1(PartitionKey='name',RowKey='venkatesan')
    String to Sign: Mon, 19 Aug 2024 05:37:24 GMT
    /venkat326123/table1(PartitionKey='name',RowKey='venkatesan')
    Signature: nA2IcN6ecHNQuxxxxxxxxpeKAWp4JHU=
    Headers: {
        "Authorization":  "SharedKeyLite venkat326123:nA2IcN6ecxxxxxU=",
        "x-ms-version":  "2019-02-02",
        "Accept":  "application/json;odata=fullmetadata",
        "x-ms-date":  "Mon, 19 Aug 2024 05:37:24 GMT"
    }
    {
        "Property1":  "test",
        "Property2":  "key"
    }
    Entity updated successfully.
    

    Portal: enter image description here

    Also check the firewall settings in the azure storage account whether it is enabled to all networks this also may cause the 403 error.

    Reference: Insert Entity (REST API) - Azure Storage | Microsoft Learn