SAS token Error : Signature did not match. String to sign used was r

Question

can any one help me with this

 string blobName = Upload.FileName;
            BlobClient blobClient = blobContainer.GetBlobClient(blobName);
            using Stream stream = Upload.OpenReadStream();
            var result = await blobClient.UploadAsync(stream, new BlobHttpHeaders { ContentType = "image/jpg" });
            blobContainer.SetAccessPolicy(PublicAccessType.Blob);
            BlobSasBuilder blobSasBuilder = new BlobSasBuilder()
            {
                BlobContainerName = container,
                BlobName = blobName,
                ExpiresOn = DateTime.UtcNow.AddMinutes(5),
            };
            blobSasBuilder.SetPermissions(Azure.Storage.Sas.BlobSasPermissions.Read);//User will only be able to read the blob and it's properties
            var sasToken = blobSasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(connSrting, key)).ToString();
            var sasUrl = blobClient.Uri.AbsoluteUri + "?" + sasToken;
            Console.WriteLine(sasUrl);

getting the below error

\<Error\>\<Code\>AuthenticationFailed\</Code\>\<Message\>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:8063fa5d-401e-003a-7998-ead2e7000000 Time:2022-10-28T06:44:00.2089799Z\</Message\>\<AuthenticationErrorDetail\>Signature did not match. String to sign used was r 2022-10-28T06:46:58Z set_flowers.jpg 2021-06-08 b \</AuthenticationErrorDetail\>\</Error\>

Generated token using c# code ,

Answer 1

I tried in my environment and got below results:

Code:

using Azure.Identity;
using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Blobs.Specialized;
using Azure.Storage.Sas;
namespace SAStoken
{
    class Program
    {
        private static void Main()
        {
            var storageAccountUriString = $"https://<storage account name>.blob.core.windows.net";
            var credential = new DefaultAzureCredential();

            var blobServiceClient = new BlobServiceClient(new Uri(storageAccountUriString), credential);

            var userDelegationKey = blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));


            var blobContainerClient = blobServiceClient.GetBlobContainerClient("test");  //container name
            var blobClient = blobContainerClient.GetBlobClient("image1.png"); // my image blob name

            var sasBuilder = new BlobSasBuilder()
            {
                BlobContainerName = blobClient.BlobContainerName,
                BlobName = blobClient.Name,
                Resource = "b", // b for blob, c for container
                StartsOn = DateTimeOffset.UtcNow,
                ExpiresOn = DateTimeOffset.UtcNow.AddHours(4),
            };
            sasBuilder.SetPermissions(BlobSasPermissions.Read); // read permissions

            BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
            {
                // Specify the user delegation key.
                Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
            };

            Console.WriteLine("Blob user delegation SAS URI: {0}", blobUriBuilder);
        }
         
    }
}

Console:

Output:

< Error>< Code>AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:8063fa5d-401e-003a-7998-ead2e7000000 Time:2022-10-28T06:44:00.2089799Z</ Message>< AuthenticationErrorDetail >Signature did not match. String to sign used was r 2022-10-28T06:46:58Z set_flowers.jpg 2021-06-08 b </ AuthenticationErrorDetail ></ Error>

The above error occurs Service is not able to identify if the resource you're trying to access is a blob or a container and assumes it's a blob, also check whether permission are in correct OWN SAS token

Portal:

Output

Checking the sas url in the browser

Reference: c# - Azure Shared Access Signature - Signature did not match - Stack Overflow