I'm occasionally having trouble with Azure Storage SAS tokens generated on the server. I don't set anything for start time since this was recommended to avoid clock skew issues, and I set my expiry time to 1 hour after DateTime.UtcNow
. Every now and then, the SAS tokens don't work, and I'm guessing this might have to do with a clock skew issue. Here are two errors I received recently:
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:cb371f2b-801e-0063-16a1-08d06f000000 Time:2021-02-21T22:35:53.9832140Z</Message>
<AuthenticationErrorDetail>Signed expiry time [Sun, 21 Feb 2021 20:39:40 GMT] must be after signed start time [Sun, 21 Feb 2021 22:35:53 GMT]</AuthenticationErrorDetail>
</Error>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:8818c581-401e-0058-6477-08717d000000 Time:2021-02-21T17:35:37.1284611Z</Message>
<AuthenticationErrorDetail>Signature not valid in the specified time frame: Start [Sat, 20 Feb 2021 00:15:01 GMT] - Expiry [Sat, 20 Feb 2021 01:30:01 GMT] - Current [Sun, 21 Feb 2021 17:35:37 GMT]</AuthenticationErrorDetail>
</Error>
This is how I generate the token:
var blobSasBuilder = new BlobSasBuilder
{
BlobContainerName = containerName,
BlobName = fileName,
Resource = "b",
ExpiresOn = DateTime.UtcNow.AddHours(1),
Protocol = SasProtocol.Https
};
How can I fix this issue? According to the above error, it looks like I tried to access this resource after the token expired, but in reality I tried to access it immediately after the token was generated and sent to the client. As I said, this does not happen often, but it's a recurring problem.
On a second thought, I wonder if this is a bug with the v12 SDK.
According to the error, the start time is later than your expiration time and current time. Please set the start time to be at least 15 minutes in the past.
For example
I use Net SDK Azure.Storage.Blobs