The MAC signature found in the HTTP request is not the same as any computed signature

Question

I have been searching all over for a few days now, and this azure auth is killing me. I keep getting the error from the title.

using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Text;

namespace netTest
{
    class Program
    {
        static void Main(string[] args)
        {
            var b = new bt();
            b.GetBlob_Test();
            Console.ReadLine();
        }

        public class bt
        {

            string accessKey = "4LVWlzPCPA5k45VDAPJJU6zXK6KvycT142Z8owbQv1m8bPm+cZPQamDKne/Uq4BHjAb9QR8bpanvoIgyOydcOg==";
            string accountName = "trikegirlstudio";
            string container = "sgm"; 

            // GetBlob_Test
            public void GetBlob_Test()
            {
                Console.WriteLine("Attempting to GET from server");
                DateTime dt = DateTime.UtcNow;

                string stringToSign = String.Format("GET\n"
                                                    + "\n" // content md5
                                                    + "\n" // content type
                                                    + "x-ms-date:" + dt.ToString("R") + "x-ms-version:2009-09-19\n" + "\n" // headers
                                                    + "/{0}/{1}\ncomp:list\nrestype:container", accountName, container);

                string authorizationKey = SignThis(stringToSign, accessKey, accountName);
                string method = "GET";
                string urlPath = string.Format("http://{0}.blob.core.windows.net/{1}?restype=container&comp=list", accountName, container);
                Uri uriTest = new Uri(urlPath);

                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uriTest);
                request.Proxy = new WebProxy("127.0.0.1", 8888);
                request.Method = method;
                request.Headers.Add("x-ms-date", dt.ToString("R"));
                request.Headers.Add("x-ms-version", "2009-09-19");
                request.Headers.Add("Authorization", authorizationKey);

                Console.WriteLine("Authorization: " + authorizationKey);

                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                {
                    Console.WriteLine("Response = " + response);
                }
            }
            private static String SignThis(String StringToSign, string Key, string Account)
            {
                //StringToSign = 
                String signature = string.Empty;
                byte[] unicodeKey = Convert.FromBase64String(Key);
                using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
                {
                    Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
                    signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
                }

                String authorizationHeader = String.Format(
                    CultureInfo.InvariantCulture,
                    "{0} {1}:{2}",
                    "SharedKeyLite",
                    Account,
                    signature);
                Console.WriteLine(StringToSign);
                return authorizationHeader;
            }
        }
    }
}

Any help would be greatly appreciated I really can't see where things are going wrong

Edit:: full error

AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:a8098960-0001-0003-3d38-a2fc0d000000 Time:2015-06-08T22:14:39.9876002ZThe MAC signature found in the HTTP request 'kmOqr60n0Nus1HJ1xoaplISdTEk8Hfdj9BIJK74Ojow=' is not the same as any computed signature. Server used following string to sign: 'GET

x-ms-date:Mon, 08 Jun 2015 22:14:41 GMT x-ms-version:2009-09-19 /trikegirlstudio/sgm?comp=list'.

Answer 1

Looking at the documentation here: https://msdn.microsoft.com/en-us/library/azure/dd179428.aspx (Section Constructing the Canonicalized Headers String, point #6)

Finally, append a new-line character to each canonicalized header in the resulting list. Construct the CanonicalizedHeaders string by concatenating all headers in this list into a single string.

I think this piece of code is causing the error:

string stringToSign = String.Format("GET\n"
                                                    + "\n" // content md5
                                                    + "\n" // content type
                                                    + "x-ms-date:" + dt.ToString("R") + "x-ms-version:2009-09-19\n" + "\n" // headers
                                                    + "/{0}/{1}\ncomp:list\nrestype:container", accountName, container);

If you notice in your code, you don't have a new line character between your x-ms-date and x-ms-version headers. There's also an extra new line character after x-ms-version.

Your code should be:

string stringToSign = String.Format("GET\n"
                                                    + "\n" // content md5
                                                    + "\n" // content type
                                                    + "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:2009-09-19\n" // headers
                                                    + "/{0}/{1}\ncomp:list\nrestype:container", accountName, container);

Try it out. It should fix the problem.