search

Azure / azure-storage-node

Microsoft Azure Storage SDK for Node.js
http://azure.github.io/azure-storage-node/
Apache License 2.0
495 stars 227 forks source link

SAS generated by Storage Explorer fails to retrieve entity #642

Closed gwh-cpnet closed 4 years ago

gwh-cpnet commented 4 years ago

For latest features support, please switch to Azure Storage JavaScript SDK V10.

Which service(blob, file, queue, table) does this issue concern?

table

Which version of the SDK was used?

2.10.3

What's the Node.js/Browser version?

nodejs

What problem was encountered?

SAS generated by Storage Explorer fails to retrieve entity

Steps to reproduce the issue?

  1. Generate a sas token within Storage Explorer by right-clicking on the table name, picking a valid period and query permission.

In my case the sas uri is 

https://cpasiastoragedev.table.core.windows.net/Demo?sp=r&st=2020-04-21T17:14:46Z&se=2021-04-22T17:14:00Z&sv=2019-02-02&sig=%2FN2aFwtdsM6sKapuD3P5PKhOEMvWuhqYuCndTsWt7l8%3D&tn=Demo

  1. Spilt this sas uri into the host and token, which are https://cpasiastoragedev.table.core.windows.net' and sp=r&st=2020-04-21T17:14:46Z&se=2021-04-22T17:14:00Z&sv=2019-02-02&sig=%2FN2aFwtdsM6sKapuD3P5PKhOEMvWuhqYuCndTsWt7l8%3D&tn=Demo, and fill them into the createTableServiceWithSas api, as instructed by the doc.

  2. Then an error is raised.

    StorageError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

Please feel free to try it by your own.

const azure = require('azure-storage');
// 'https://cpasiastoragedev.table.core.windows.net/Demo?sp=r&st=2020-04-21T17:14:46Z&se=2021-04-22T17:14:00Z&sv=2019-02-02&sig=%2FN2aFwtdsM6sKapuD3P5PKhOEMvWuhqYuCndTsWt7l8%3D&tn=Demo'

const ts = azure.createTableServiceWithSas('https://cpasiastoragedev.table.core.windows.net', 'sp=r&st=2020-04-21T17:14:46Z&se=2021-04-22T17:14:00Z&sv=2019-02-02&sig=%2FN2aFwtdsM6sKapuD3P5PKhOEMvWuhqYuCndTsWt7l8%3D&tn=Demo');
ts.retrieveEntity('Demo', 'pk', 'rk', (error, result) => {
  if (error) {
    console.log(error);
  } else {
    console.log(result);
  }
});

In the official doc, the sasToken is generated by a tableService itself, which means this instance got its account and accesstoken before hand. To my supurise, the token generated by it works fine with the SDK. But in reality, we use sas tokens/URIs to avoid accesskey distribution, right? So if the sas token generated by storage explorer failed to work, there must be something wrong, the sdk or the doc.

Have you found a mitigation/solution?

jiacfan commented 4 years ago

@gwh-cpnet Thanks for reaching us. This should be a storage explore issue, and I'll forward to storage explorer team.

For short-term work around, would you try to create SAS with portal https://ms.portal.azure.com/.

Thanks, Jiachen

jiacfan commented 4 years ago

@gwh-cpnet At same time, would you share detailed storage explorer version you're using? And to protect your information, please consider to hide the SAS info in public channel.

gwh-cpnet commented 4 years ago

@jiacfan Thanks for your response.

I am using the portal you mentioned in web browser. I generated SAS token in the Storage Explorer (preview) in storage account panel.

jiacfan commented 4 years ago

@gwh-cpnet

Thanks for the info. I've forwarded the SAS generating issue to related team. BTW, would you try to work around with Storage Explorer(Desktop version link).

Best Regards, Jiachen

gwh-cpnet commented 4 years ago

@jiacfan Have you reproduce my issue?

jiacfan commented 4 years ago

Hi, @gwh-cpnet, I checked service side log, and find this should be problem in client side during generating SAS. Is storage explorer(Desktop version link) good for work around?

gwh-cpnet commented 4 years ago

@jiacfan Sorry, I do not have a desktop version storage explorer. I do dev on Linux.

jiacfan commented 4 years ago

Hi, @gwh-cpnet, storage explorer supports Linux as well FYI(link).

gwh-cpnet commented 4 years ago

@jiacfan I have tried the sas token generated by my Mac. it works. So the problem is about the storage explorer of the browser version.

jiacfan commented 4 years ago

@gwh-cpnet

Yes, that's ture. I've forwarded the issue to related team, and sorry that temporarily you need work with work around.

Thanks, Jiachen

yuyez commented 4 years ago

@gwh-cpnet Could you please try refreshing the portal and generating a new token? There was a bug in portal's handling of uppercase characters in table name and a fix has been deployed.

gwh-cpnet commented 4 years ago

Thanks @yuyez . The new token generated by browser portal works now.