Azure Blob Storage (REST API): Cannot list blobs in container with curl using SAS token
I have been playing around with using the Azure Blob storage REST API for a few days now.
I can connect to the resource, list containers and also generate SAS tokens for any given container with no problems.
However, I am now having problems when trying to list the blobs within a container using the SAS token I have generated for the container.
With my generated SAS token I have tried the following curl command (taken from https://learn.microsoft.com/en-us/rest/api/storageservices/list-blobs?tabs=microsoft-entra-id)
curl -X GET "https://dat3473spa01cfeMtest.blob.core.windows.net/90480397-91234697-218-test-dir01?restype=container&comp=list&?sv=2019-02-02&sr=c&sig=QlSozpknsTcR4frUK08%2FrcGaUGY893GzFN1Lyhl74Ao%3D&se=2024-10-24T07%3A50%3A11Z&sp=racwdl"
Where https://dat3473spa01cfeMtest.blob.core.windows.net is the blobServiceUri, 90480397-91234697-218-test-dir01 is the container name and ?sv=2019-02-02&sr=c&sig=QlSozpknsTcR4frUK08%2FrcGaUGY893GzFN1Lyhl74Ao%3D&se=2024-10-24T07%3A50%3A11Z&sp=racwdl is the SAS token I have generated for the container in a previous step.
When running the curl command I get the following error message:
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:d370a92d-301e-0082-34ee-25f845000000
Time:2024-10-24T08:30:24.7319888Z</Message>
<AuthenticationErrorDetail>Signature fields not well formed.</AuthenticationErrorDetail>
</Error>
I assume the problem is related to the way I am specifying the SAS token in the curl command, but from the documentation on the previously mentioned website (https://learn.microsoft.com/en-us/rest/api/storageservices/list-blobs?tabs=microsoft-entra-id) I cannot see how to specify the SAS token correctly, if, indeed, this is the problem with my curl command.
I have also tried the following commands:
curl -X GET "https://dat3473spa01cfeMtest.blob.core.windows.net/90480397-91234697-218-test-dir01?restype=container&comp=list" -H "x-ms-version: 2025-01-05" -H "x-ms-date: Thu, 24 oct. 2024 08:29:07 GMT" -H "Authorization: ?sv=2019-02-02&sr=c&sig=QlSozpknsTcR4frUK08%2FrcGaUGY893GzFN1Lyhl74Ao%3D&se=2024-10-24T07%3A50%3A11Z&sp=racwdl"
curl -X GET "https://dat3473spa01cfeMtest.blob.core.windows.net/90480397-91234697-218-test-dir01?restype=container&comp=list" -H "x-ms-version: 2025-01-05" -H "x-ms-date: Thu, 24 oct. 2024 08:29:07 GMT" -H "Authorization: credential=?sv=2019-02-02&sr=c&sig=QlSozpknsTcR4frUK08%2FrcGaUGY893GzFN1Lyhl74Ao%3D&se=2024-10-24T07%3A50%3A11Z&sp=racwdl"
curl -X GET "https://dat3473spa01cfeMtest.blob.core.windows.net/90480397-91234697-218-test-dir01?restype=container&comp=list" -H "x-ms-version: 2025-01-05" -H "x-ms-date: Thu, 24 oct. 2024 08:29:07 GMT" -H "Authorization: credentials=?sv=2019-02-02&sr=c&sig=QlSozpknsTcR4frUK08%2FrcGaUGY893GzFN1Lyhl74Ao%3D&se=2024-10-24T07%3A50%3A11Z&sp=racwdl"
curl -X GET "https://dat3473spa01cfeMtest.blob.core.windows.net/90480397-91234697-218-test-dir01?restype=container&comp=list" -H "x-ms-version: 2025-01-05" -H "x-ms-date: Thu, 24 oct. 2024 08:29:07 GMT" -H "Authorization: token ?sv=2019-02-02&sr=c&sig=QlSozpknsTcR4frUK08%2FrcGaUGY893GzFN1Lyhl74Ao%3D&se=2024-10-24T07%3A50%3A11Z&sp=racwdl"
These all give the error:
<Error>
<Code>InvalidAuthenticationInfo</Code>
<Message>Authentication information is not given in the correct format. Check the value of Authorization header.
RequestId:79a74d3f-101e-0071-5bf0-255fd0000000
Time:2024-10-24T08:44:39.7753277Z</Message>
</Error>
Cannot list blobs in container with curl using SAS token.
I followed the same MS-Document,
I generate sas token from the portal.
Portal:
Now, You can use the below request format to get the list of blobs using cURL.
Request:
curl -X GET "https://venkat326123.blob.core.windows.net/test?restype=container&comp=list&sp=racwdli&st=2024-10-24T08:59:44Z&se=2024-10-24T16:59:44Z&spr=https&sv=2022-11-02&sr=c&sig=redacted"
Output:
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs