search

microsoft / AzureStorageExplorer

Easily manage the contents of your storage account with Azure Storage Explorer. Upload, download, and manage blobs, files, queues, tables, and Cosmos DB entities. Gain easy access to manage your virtual machine disks. Work with either Azure Resource Manager or classic storage accounts, plus manage and configure cross-origin resource sharing (CORS) rules.
Creative Commons Attribution 4.0 International
365 stars 85 forks source link

Unable to login to Azure Storage Explorer #8031

Open vmittal-msft opened 4 days ago

vmittal-msft commented 4 days ago

Preflight Checklist

Storage Explorer Version

1.19.0

Regression From

No response

Architecture

i86

Storage Explorer Build Number

No response

Platform

All

OS Version

No response

Bug Description

This request is not authorized to perform this operation.

This storage account's 'Firewalls & virtual networks' settings may be blocking access to storage services. Try adding your client IP address to the firewall exceptions, or by allowing access from 'all networks' instead of 'selected networks'. To learn more about Azure Storage firewalls and virtual networks, visit http://go.microsoft.com/fwlink/?LinkId=845443.

Error Details: { "name": "RestError", "code": "KeyBasedAuthenticationNotPermitted", "statusCode": 403, "request": { "streamResponseStatusCodes": {}, "url": "https://sonicstorage.blob.core.windows.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2023-01-03" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.33.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v18.18.2; Windows_NT 10.0.19045)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "1df6855e-c0a8-4967-b75b-8d909ea8172a" }, "x-ms-date": { "name": "x-ms-date", "value": "Fri, 28 Jun 2024 21:23:30 GMT" }, "authorization": { "name": "Authorization", "value": "SharedKey Redacted" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "1df6855e-c0a8-4967-b75b-8d909ea8172a" }, "response": { "request": { "streamResponseStatusCodes": {}, "url": "https://sonicstorage.blob.core.windows.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2023-01-03" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.33.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v18.18.2; Windows_NT 10.0.19045)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "1df6855e-c0a8-4967-b75b-8d909ea8172a" }, "x-ms-date": { "name": "x-ms-date", "value": "Fri, 28 Jun 2024 21:23:30 GMT" }, "authorization": { "name": "Authorization", "value": "SharedKey sonicstorage:2XonmmEn4q3HGbvTtcL1konenbdEZI1o+aOKrb1G7s8=" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "1df6855e-c0a8-4967-b75b-8d909ea8172a" }, "status": 403, "headers": { "_headersMap": { "content-length": { "name": "content-length", "value": "269" }, "content-type": { "name": "content-type", "value": "application/xml" }, "date": { "name": "date", "value": "Fri, 28 Jun 2024 21:23:29 GMT" }, "server": { "name": "server", "value": "Microsoft-HTTPAPI/2.0" }, "x-ms-error-code": { "name": "x-ms-error-code", "value": "KeyBasedAuthenticationNotPermitted" }, "x-ms-request-id": { "name": "x-ms-request-id", "value": "a98b7243-301e-0051-5aa1-c9522f000000" } } }, "bodyAsText": "<?xml version=\"1.0\" encoding=\"utf-8\"?>KeyBasedAuthenticationNotPermittedKey based authentication is not permitted on this storage account.\nRequestId:a98b7243-301e-0051-5aa1-c9522f000000\nTime:2024-06-28T21:23:30.6097629Z", "parsedBody": { "message": "Key based authentication is not permitted on this storage account.\nRequestId:a98b7243-301e-0051-5aa1-c9522f000000\nTime:2024-06-28T21:23:30.6097629Z", "code": "KeyBasedAuthenticationNotPermitted" }, "parsedHeaders": { "errorCode": "KeyBasedAuthenticationNotPermitted", "content-length": "269", "content-type": "application/xml", "date": "Fri, 28 Jun 2024 21:23:29 GMT", "server": "Microsoft-HTTPAPI/2.0", "x-ms-request-id": "a98b7243-301e-0051-5aa1-c9522f000000" } }, "details": { "errorCode": "KeyBasedAuthenticationNotPermitted", "content-length": "269", "content-type": "application/xml", "date": "Fri, 28 Jun 2024 21:23:29 GMT", "server": "Microsoft-HTTPAPI/2.0", "x-ms-request-id": "a98b7243-301e-0051-5aa1-c9522f000000", "message": "Key based authentication is not permitted on this storage account.\nRequestId:a98b7243-301e-0051-5aa1-c9522f000000\nTime:2024-06-28T21:23:30.6097629Z", "code": "KeyBasedAuthenticationNotPermitted" } }

Steps to Reproduce

  1. Launch Storage Explorer
  2. Click Blob container

Actual Experience

When i click "Blob Containers" under Sonic Storage, it fails for authentication.

Expected Experience

No response

Additional Context

No response

craxal commented 4 days ago

@vmittal-msft The error message indicates that key-based authentication is not permitted for that particular storage account. That means you have to sign in or use a user-delegated SAS. You can't use the storage account key or a key-generated SAS.

How did you try to connect to the storage account? Did you sign in, or are you using a custom connection? If you are signed in and still getting this message, try turn on the Services > Disable Usage of Key setting.