Error uploading file to Azure Blob Storage: Server failed to authenticate the request
I am trying to implement an upload to Azure Storage. I am unable to use @azure/storage-blob package as it conflicts with every version of Node, including versions 16, 18, 20, etc. It always throws the error node:os module not found. So, I switched to a custom solution, but I am facing a major issue with the following error:
Error uploading file to Azure Blob Storage: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Please note the following checks I have already done:
- Verified that the Azure account name, key, and container name are correct.
- Printed the headers and authorization string, and they appear correct.
- Tried using both
Content-Typeandx-ms-dateheaders. My mac - Ensured the account key is decoded correctly and used in the signature.
- Used the correct storage endpoint:
https://accountName.blob.core.windows.net/containerName/folder/subfolder/parking.jpg.
const fetch = require('node-fetch');
const crypto = require('crypto');
const { sanitize, getMediasBucketName } = require('../../utils');
const logger = require('../../utils/logger');
class AzureBlobStorage {
constructor() {
this.accountName = process.env.AZURE_STORAGE_ACCOUNT_NAME;
this.accountKey = process.env.AZURE_STORAGE_ACCOUNT_KEY;
this.containerName = process.env.AZURE_CONTAINER_NAME;
if (!this.accountName || !this.accountKey || !this.containerName) {
throw new Error('Azure Storage account name, key, or container name is missing.');
}
// Set the endpoint URL for the Blob Storage container
this.endpoint = `https://${this.accountName}.blob.core.windows.net/${this.containerName}`;
}
_generateAuthorizationHeader(method, path, headers) {
const canonicalHeaders = Object.keys(headers)
.filter(key => key.toLowerCase().startsWith('x-ms-'))
.sort()
.map(key => `${key.toLowerCase()}:${headers[key]}`)
.join('\n');
const stringToSign = [
method,
'',
headers['Content-Type'] || '',
headers['x-ms-date'],
canonicalHeaders,
`/${this.accountName}/${this.containerName}${path}`
].join('\n');
// Generate the signature using HMAC-SHA256
const decodedKey = Buffer.from(this.accountKey, 'base64');
const signature = crypto.createHmac('sha256', decodedKey).update(stringToSign).digest('base64');
const authorizationHeader = `SharedKey ${this.accountName}:${signature}`;
return authorizationHeader;
}
async storeFileInDirectory({
projectName,
fileName,
contentBody,
contentType,
mediaType,
}) {
try {
const safeFileName = sanitize(fileName);
const filePath = `/${projectName}/${mediaType}/${safeFileName}`;
const url = `${this.endpoint}${filePath}`;
const headers = {
'x-ms-date': new Date().toUTCString(),
'Content-Type': contentType,
'Content-Length': contentBody.length,
'x-ms-blob-type': 'BlockBlob',
};
headers['Authorization'] = this._generateAuthorizationHeader('PUT', filePath, headers);
const response = await fetch(url, {
method: 'PUT',
headers: headers,
body: contentBody,
});
if (!response.ok) {
throw new Error(`Error uploading file to Azure Blob Storage: ${response.statusText}`);
}
logger.info(`File uploaded to Azure: ${filePath}`);
return {
filePath
};
} catch (e) {
logger.error('Error uploading file to Azure Blob Storage', {
errorMessage: e.message,
stack: e.stack,
params: { projectName, fileName, mediaType },
});
return null;
}
}
}
Solution
Error uploading file to Azure Blob Storage: Server failed to authenticate the request.
You can use the below code which will upload the file with path in the Azure Blob Storage using JavaScript.
Code:
const fetch = require('node-fetch-commonjs');
const CryptoJS = require('crypto-js');
class AzureBlobStorage {
constructor() {
this.accountName = process.env.AZURE_STORAGE_ACCOUNT_NAME;
this.accountKey = process.env.AZURE_STORAGE_ACCOUNT_KEY;
this.containerName = process.env.AZURE_CONTAINER_NAME;
if (!this.accountName || !this.accountKey || !this.containerName) {
throw new Error('Azure Storage account name, key, or container name is missing.');
}
// Set the endpoint URL for the Blob Storage container
this.endpoint = `https://${this.accountName}.blob.core.windows.net/${this.containerName}`;
}
_generateAuthorizationHeader(method, path, headers) {
// Generate canonical headers (x-ms- headers sorted alphabetically)
const canonicalHeaders = Object.keys(headers)
.filter((key) => key.toLowerCase().startsWith('x-ms-'))
.sort()
.map((key) => `${key.toLowerCase()}:${headers[key]}`)
.join('\n');
// Generate canonical resource
const canonicalResource = `/${this.accountName}/${this.containerName}${path}`;
// Construct string to sign
const stringToSign = [
method, // HTTP method
headers['Content-Encoding'] || '', // Content-Encoding
headers['Content-Language'] || '', // Content-Language
headers['Content-Length'] || '', // Content-Length
headers['Content-MD5'] || '', // Content-MD5
headers['Content-Type'] || '', // Content-Type
'', // Date (not used with x-ms-date)
headers['If-Modified-Since'] || '',
headers['If-Match'] || '',
headers['If-None-Match'] || '',
headers['If-Unmodified-Since'] || '',
headers['Range'] || '',
canonicalHeaders, // Canonicalized headers
canonicalResource // Canonicalized resource
].join('\n');
// Sign the string with the account key
const decodedKey = CryptoJS.enc.Base64.parse(this.accountKey);
const signature = CryptoJS.HmacSHA256(stringToSign, decodedKey).toString(CryptoJS.enc.Base64);
// Return the authorization header
return `SharedKey ${this.accountName}:${signature}`;
}
async storeFileInDirectory({ projectName, fileName, contentBody, contentType, mediaType }) {
try {
// Sanitize file name to avoid invalid characters
const safeFileName = fileName.replace(/[^a-zA-Z0-9._-]/g, '_');
// Construct file path and full URL
const filePath = `/${projectName}/${mediaType}/${safeFileName}`;
const url = `${this.endpoint}${filePath}`;
// Headers required for the PUT request
const headers = {
'x-ms-date': new Date().toUTCString(),
'Content-Type': contentType,
'Content-Length': Buffer.byteLength(contentBody),
'x-ms-blob-type': 'BlockBlob',
'x-ms-version': '2020-04-08', // Use a valid API version
};
// Add the Authorization header
headers['Authorization'] = this._generateAuthorizationHeader('PUT', filePath, headers);
// Make the PUT request to Azure Blob Storage
const response = await fetch(url, {
method: 'PUT',
headers: headers,
body: contentBody,
});
if (!response.ok) {
throw new Error(`Error uploading file to Azure Blob Storage: ${response.status} - ${response.statusText}`);
}
console.log(`File uploaded successfully to Azure Blob Storage: ${filePath}`);
return { filePath };
} catch (e) {
console.error('Error uploading file to Azure Blob Storage', {
errorMessage: e.message,
stack: e.stack,
params: { projectName, fileName, mediaType },
});
return null;
}
}
}
// Example usage
(async () => {
const azureStorage = new AzureBlobStorage();
const result = await azureStorage.storeFileInDirectory({
projectName: 'exampleProject',
fileName: 'example.txt',
contentBody: 'This is an example file content.', // Replace with actual file content as a string
contentType: 'text/plain', // Replace with actual MIME type
mediaType: 'images',
});
console.log(result);
})();
Output:
PS C:\> node example.js
File uploaded successfully to Azure Blob Storage: /exampleProject/images/example.txt
{ filePath: '/exampleProject/images/example.txt'
Portal:
- VM has reported a failure when processing extension AzureDiskEncryption
- How to pass secrets downloaded from Azure KeyVault as parameters to an Azure Function?
- Trigger / queue build policy pipeline on ADO PR with Azure CLI
- Azure AD B2C Password Reset
- Batch create mailbox folders with GRAPH API (from Graph Explorer)
- Azure Web App on Linux: "Error: Container didn't respond to HTTP pings on port: 8080" - when using: "start": "pm2 start server.js"
- How can I apply name=value tags to service principals in Azure?
- Visual Studio Code: Could not find $web blob container for storage account
- Error when registering data factory integration runtime on windows VM
- Retrieve list of repositories and their tag versions in one call
- Getting Error while running Azure DevOps Pipeline "Error: building account: could not acquire access token to parse claims: clientCredentialsToken
- Create Resource Group with Azure Management C# API
- Azure LDAP Authentication Connection Refused On Cloud Server or Other Desktops
- Create a gpu nodepool on azure with a student account
- How to set redirect URLs to b2clogin.com for Azure Active Directory B2C in React JS application
- Cannot connect to SQL Server from logic app
- How to Resolve Errors When Running Python Jobs in Azure App Service WebJobs
- How do I open Kudu console in Azure functions consumption plan?
- Azure AutoML Image Classification Job
- Onedrive GRAPH API - 403 when getting user's OneDrive
- Azure Government Get incidents returns 401 Forbidden
- Delta Table Partitioning - why only for tables bigger than 1 TB
- How to check if an Azure storage queue has messages
- Azure WAF exclusion, what's the difference between RequestArgNames and RequestArgValues?
- How to order results of a query by the results of an aggregate function in ComosDb?
- Azure routing between different subscriptions - force one, common outbound IP and share Site-to-site (IPSec) defined in Virtual network gateway
- Bot Framework Python SDK ErrorResponseException: Operation returned an invalid status code 'Unauthorized'
- Azure DevOps - Create a work item from incoming email
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?