10

I am trying to fetch an HTML page which is placed in Azure blob storage using Postman. The default blob storage access has been set to private, so I have to send "Shared Key", "x-ms-version" and "x-ms-date" in the header section to authorize.

Here is the screenshot of the request in Postman.

enter image description here

When I click on the send button I am getting an error stating "The date header in the request is incorrect".

enter image description here

Any ideas to solve the issue?

Update-Corrected Date Format

I corrected the "x-ms-date" format, now it is throwing an error stating Authentication Info is not in correct format.

enter image description here

Here is the Authorization section of Postman.

enter image description here

Thanks for the help.

7
  • How are you computing authorization header value? Commented Dec 19, 2018 at 17:08
  • I am following learn.microsoft.com/en-us/rest/api/storageservices/… instructions...and for generating shared key Azure Portal> Home>MyStorageAccount>Account share access Signature > Generate SAS and connection String Commented Dec 19, 2018 at 17:38
  • It looks like you haven't acquired your token. The "SharedKey myaccount:ctzMq410TV3wS7upTBcunJTDLEJwMAZuFPfr0mrrA08= " Needs to go in the Authorization tab in Postman. Not the Header tab. Commented Dec 19, 2018 at 19:52
  • @Rthomas529 but documentation mentioned to pass Authorization as header..if you want me to try that on Authorization tab , please let me know which Authorization type to select Commented Dec 20, 2018 at 13:01
  • 1
    You don't use "SharedKey account". It should be something like "SharedKey {{storageAccountName}}:{{signedSignature}}". Also, for security reasons your key should be hashed. Commented Dec 20, 2018 at 14:09

4 Answers

6

Please review the documentation.

You need to specify two headers for correct request: Authorization and x-ms-date headers.

The correct format for x-ms-date header is Fri, 26 Jun 2015 23:39:12 GMT.

It seems your Authorization header is invalid. Try to regenerate your SAS key and test your request again.

If I understand correctly, you have only 15 minutes for requests.

From documentation:

The storage services ensure that a request is no older than 15 minutes by the time it reaches the service. This guards against certain security attacks, including replay attacks. When this check fails, the server returns response code 403 (Forbidden).


1 Comment

The 15 minute duration is the maximum duration allowed between request initiation at the client (taken from x-ms-date) and request processing at the server. This 15 minute cut-off helps Microsoft to avoid replay attacks (en.wikipedia.org/wiki/Replay_attack).
4

The format is Fri, 26 Jun 2015 23:39:12 GMT. In Python, this can be obtained via

import datetime
date = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

assuming locale.en_US.


1

x-ms-date header must be specified in the following format: Fri, 26 Jun 2015 23:39:12 GMT.

Please try your request again with this format.


1

In my case, the format that I used for UTC was wrong. I changed to DateTime.UtcNow.ToString("R"). Previously it was

((DateTime.UtcNow).ToString("ddd, dd MMM yyyy hh:mm:ss ") + "GMT" )) 
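The two headers the answers above discuss, built end to end for a body-less request such as Get Blob: an added example, not code from any of the posters or from Microsoft. It follows the Shared Key scheme documented for the Blob service (2015-02-21 and later layout), where x-ms-date is part of the signed string, so the timestamp the 15-minute check reads cannot be altered without invalidating the signature. The account name, key, blob URL and x-ms-version value are constructed placeholders.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone
from email.utils import format_datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample values (assumptions): not a real account, key or blob.
ACCOUNT = "myaccount"
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-not-real").decode()
API_VERSION = "2018-03-28"  # assumed x-ms-version; use the one you send
STANDARD = ["Content-Encoding", "Content-Language", "Content-Length",
            "Content-MD5", "Content-Type", "Date", "If-Modified-Since",
            "If-Match", "If-None-Match", "If-Unmodified-Since", "Range"]


def x_ms_date(now=None):
    """RFC 1123 UTC timestamp; English names regardless of the OS locale."""
    now = now or datetime.now(timezone.utc)
    return format_datetime(now.astimezone(timezone.utc), usegmt=True)


def string_to_sign(verb, url, headers):
    """Blob service Shared Key string-to-sign, 2015-02-21 and later layout."""
    low = {k.lower(): v.strip() for k, v in headers.items()}
    if low.get("content-length") == "0":
        low["content-length"] = ""  # zero length is signed as an empty field
    lines = [verb.upper()] + [low.get(h.lower(), "") for h in STANDARD]
    # CanonicalizedHeaders: every x-ms-* header, lower-cased and sorted.
    lines += [f"{k}:{v}" for k, v in sorted(low.items()) if k.startswith("x-ms-")]
    # CanonicalizedResource: /account/path, then decoded query params, sorted.
    parts = urlsplit(url)
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    resource = [f"/{ACCOUNT}{parts.path}"]
    resource += [f"{k}:{','.join(sorted(v))}" for k, v in sorted(query.items())]
    return "\n".join(lines + resource)


def shared_key_headers(verb, url, now=None):
    """Headers for a body-less request such as Get Blob."""
    headers = {"x-ms-date": x_ms_date(now), "x-ms-version": API_VERSION}
    to_sign = string_to_sign(verb, url, headers).encode("utf-8")
    # The account key is base64; decode it before using it as the HMAC key.
    mac = hmac.new(base64.b64decode(ACCOUNT_KEY), to_sign, hashlib.sha256)
    signature = base64.b64encode(mac.digest()).decode()
    headers["Authorization"] = f"SharedKey {ACCOUNT}:{signature}"
    return headers
```

The signature is only valid for the exact verb, URL and x-ms-date it was computed over, so it has to be regenerated for every request rather than pasted in as a fixed header value.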
