"Authentication not in correct format" when setting Azure Blob Service Properties (REST API)

Question

I am trying to set CORS rules on my Azure Blob Storage account by following these instructions.

This is the error I receive after making my request:

400 Authentication information is not given in the correct format. Check the value of Authorization header

Request URL:

PUT https://[MyAccountName].blob.core.windows.net/?restype=service&comp=properties

Request header:

x-ms-version: 2013-08-15
x-ms-date: Tue, 25 Feb 2014 13:02:00 GMT
Authorization: SharedKey
[MyAccountName]: [MyAccountKey]
Content-Length: 329
Host: [MyAccountName].blob.core.windows.net

Request body:

<?xml version="1.0" encoding="utf-8"?>
<StorageServiceProperties>
    <Cors>   
          <CorsRule>
                <AllowedOrigins>http://www.example.com</AllowedOrigins>
                <AllowedMethods>GET</AllowedMethods>
                <ExposedHeaders>x-ms-meta-data*,x-ms-meta*</ExposedHeaders>
                <AllowedHeaders>x-ms-meta-target*,x-ms-meta*</AllowedHeaders>
                <MaxAgeInSeconds>200</MaxAgeInSeconds>
        </CorsRule>
    <Cors>
</StorageServiceProperties>

Answer 1

For people reaching this page and wondering why you get this error even though you are using a Shared Access Signature URL, then you most likely are sending YOUR APP token to Azure. Make sure to NOT include the Authorization header in this case.

Answer 2

Following what @jsgoupil said:

For people reaching this page and wondering why you get this error even though you are using a Shared Access Signature URL, then you most likely are sending YOUR APP token to Azure. Make sure to NOT include the Authorization header in this case.

In case you have an interceptor you can add a skip to a request by following the instructions on this stackOverflow post: https://stackoverflow.com/a/49047764/5232022

export const InterceptorSkipHeader = 'X-Skip-Interceptor'; // <-- ADD THIS

@Injectable()
export class SkippableInterceptor implements HttpInterceptor {

  intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    // Add the following if to your interceptor
    if (req.headers.has(InterceptorSkipHeader)) {
      const headers = req.headers.delete(InterceptorSkipHeader);
      return next.handle(req.clone({ headers }));
    }

    ...  // intercept
  }

}

Then whenever you want to skip the interception for a particular request:

const headers = new HttpHeaders().set(InterceptorSkipHeader, ''); // <-- this will skip it

this.httpClient.get<ResponseType>(someUrl, { headers }) // <-- dont forget to add it here as well

Answer 3

The request has an incomplete Authorization header. It needs to contain the authentication scheme, storage account name, and signature. For example;

Authorization: SharedKey myaccount:Z1lTLDwtq5o1UYQluucdsXk6/iB7YxEu0m6VofAEkUE=

For more information, see Authentication for the Windows Azure Storage Services. On the other hand, if you use one of the Windows Azure Storage Client Libraries, it will handle the authentication for you. For .NET library, please see our NuGet package.

Answer 4

I was trying to delete a file from storage using a Shared Access Signature URL, using the Azure blob storage .NET SDK v12.

The above error was received as I intially included the StorageSharedKeyCredential when creating the blobClient with the SAS URL.

Simply removing the storage credentials fixes the issue:

    public async Task DeleteFileFromStorage(string Uri)
    {
        Uri blobUri = GetDeletableSasUriForBlob(Uri);
        /*StorageSharedKeyCredential storageCredentials =
            new StorageSharedKeyCredential(_options.Value.AccountName, _options.Value.AccountKey);*/
        // Create the blob client.
        BlobClient blobClient = new BlobClient(blobUri);      //, storageCredentials);
        //Delete the file
        await blobClient.DeleteIfExistsAsync(DeleteSnapshotsOption.IncludeSnapshots);
    }