Open spinosae opened 5 years ago
Thanks for reporting the issue. Can you also share the name of the blob you saw from .NET SDK and the full URL please?
Thanks for reporting the issue. Can you also share the name of the blob you saw from .NET SDK and the full URL please?
Hi, in .NET SDK the resource path was /mymoxa2/mymoxa2/cont1
on both sides (cont1 was the container name, mymoxa2 was account name. edited in original post).
I figured resource path was supposed to be /[ACCOUNT_NAME]/[CONTAINER_PATH], where [CONATINER_PATH] was coded as [ACCOUNT_NAME]/[CONTAINER_NAME] in .NET SDK but without leading [ACCOUNT_NAME] in cpplite SDK. You may refer to 'GetCanonicalizedResourceString' in AuthenticationUtility.cs.
Is it possible to also share the URI that you are accessing? I somehow cannot find the place where the behavior is different than .Net SDK's and cpp SDK's. Each of the 3 SDKs appends account name and url absolute path as the resource path.
@spinosae I think this issue has been fixed in the latest 0.3.0 release. Feel free to let us know if you have further questions.
I was trying to run the SDK on an Embedded Linux device running as IoT leaf to access Azure Blob Storage on IoT Edge. However authorization kept failing. Meanwhile Azure Storage .Net SDK worked just fine.
After some digging, I narrowed down the problem to request signing. The client side (leaf device) signed a different header compared to what sever (Blob Storage on IoT Edge) saw. For example, client signed the header as:
While the server saw:
The difference was with resource path
/mymoxa2/cont1
vs/mymoxa2/mymoxa2/cont1
. It tracked down toshared_key_credential::sign_request
function in storage_credential.cpp. My temporary hack was to append account name twice. Then it worked. I am not security expert and I bet you'll come up with a better fix.