Signature authentication failed when call API to Azure File Storage

Question

I am trying to create a valid Signature into the API header when calling files from Azure File Storage. There is an error in return:

/*I have rewritten all accounts and keys to fake*/
    <Error>
    <Code>AuthenticationFailed</Code>
    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:aea05260-xxxx-xxxx-xxxx-xxxx58000000
Time:2022-06-30T03:26:24.1626176Z</Message>
    <AuthenticationErrorDetail>The MAC signature found in the HTTP request 'ZmEyNjY0YmUwNWNjYmI2MmE1NTI2MDBjOGUyNTE2OTY0NmUzMjQ3NTU3Y2EwN2JhMmY3NmI5NmRiNDkxMzU2NA==
' is not the same as any computed signature. Server used following string to sign: 'GET


0








x-ms-date:Thu, 30 Jun 2022 03:24:00 GMT
x-ms-version:2014-02-14
/testgetfilestorage/integration/testfolder/abc123.xml'.</AuthenticationErrorDetail>
</Error>

I have Azure File Storage account & key, it can Read/Download file normally on Microsoft Azure Storage Explorer, but I am not sure what is wrong when I create the signature, follow is how I test the REST API on the Postman:

/*I have rewritten all accounts and keys to fake*/
On Postman:

URL: 

GET https://testgetfilestorage.file.core.windows.net/integration/testfolder/abc123.xml

Header: 

x-ms-version:2014-02-14

x-ms-date:Thu, 30 Jun 2022 03:24:00 GMT

Authorization:SharedKey testgetfilestorage:ZmEyNjY0YmUwNWNjYmI2MmE1NTI2MDBjOGUyNTE2OTY0NmUzMjQ3NTU3Y2EwN2JhMmY3NmI5NmRiNDkxMzU2NA==

According to Microsoft Doc authorize-with-shared-key, I follow the step to create signature which is

/*I have rewritten all accounts and keys to fake*/
Signature=Base64(HMAC-SHA256(UTF8(StringToSign), Base64.decode(<your_azure_storage_account_shared_key>)))

/*My parameters as follow*/
StringToSign = 'GET\n\n\n0\n\n\n\n\n\n\n\n\nx-ms-date:Thu, 30 Jun 2022 03:24:00 GMT\nx-ms-version:2014-02-14\n/testgetfilestorage/integration/testfolder/abc123.xml'
your_azure_storage_account_shared_key = 'TRE/abcabcabcabc90+YCabcabcabcabcabcabcabcabcabcabcabcabcabcR2NC7i5WREgBAjNivlhwGhwmZQ=='

The steps I create the signature:
1. Signature=Base64(HMAC-SHA256(UTF8(GET\n\n\n0\n\n\n\n\n\n\n\n\nx-ms-date:Thu, 30 Jun 2022 03:24:00 GMT\nx-ms-version:2014-02-14\n/testgetfilestorage/integration/testfolder/abc123.xml), Base64.decode(TRE/abcabcabcabc90+YCabcabcabcabcabcabcabcabcabcabcabcabcabcR2NC7i5WREgBAjNivlhwGhwmZQ==)))
2. Signature=Base64(HMAC-SHA256(GET\n\n\n0\n\n\n\n\n\n\n\n\nx-ms-date:Thu, 30 Jun 2022 03:24:00 GMT\nx-ms-version:2014-02-14\n/testgetfilestorage/integration/testfolder/abc123.xml, M?i·mÆ›q¦Ü÷O˜  ¦Üi·mÆ›q¦Üi·mÆ›q¦Üi·mÆ›q¦ÜGcBî.VDH3b¾Xp&e))
3. Signature=Base64(fa2664be05ccbb62a552600c8e25169646e3247557ca07ba2f76b96db4913564)
4. Signature=ZmEyNjY0YmUwNWNjYmI2MmE1NTI2MDBjOGUyNTE2OTY0NmUzMjQ3NTU3Y2EwN2JhMmY3NmI5NmRiNDkxMzU2NA==

Please advise what I did wrong on the Signature creation.

Answer 1

Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

There are several reasons to get this error below are the some of them,

• The given SAS token is not a valid one or it may expire.
• If these characters( ! $ & ' ( ) * , : ; = @) are part of the blob path name, make sure to recheck once the URL encoding on the path.
• Recheck your computer's clock time with GMT time to compare.
• If the difference time is more than 15 minutes it may be the cause sometimes.
• The Account key is case sensitive, make sure to recheck the upper/lower cases.

Thanks to @Gaurav Mantri and @Adam Sorrin - MSFT, here you can follow the below references.

Reference 1, Reference 2.