Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug Report]DeviceClient.GetFileUploadSaSUriAsync() returns invalid SAS when hub is using System-identity. #3460

Open
Gamecock opened this issue Jun 13, 2024 · 1 comment
Open

[Bug Report]DeviceClient.GetFileUploadSaSUriAsync() returns invalid SAS when hub is using System-identity. #3460

Gamecock opened this issue Jun 13, 2024 · 1 comment
Labels
bug Something isn't working.

Comments

@Gamecock
Copy link

Context

  • OS, version, SKU and CPU architecture used: (Windows 10 Desktop x64)
  • Application's .NET Target Framework : .net8.0
  • Device: Laptop
  • SDK version used:
    Microsoft.Azure.Devices.Client 1.42.3

Description of the issue

Followeing these instructions
Fie Upload works.
Change the authentication type for iot hub here. from Key-based to System-assigned.
Change back, file upload works again.

From python it works by treating the token as an AccessToken and adding an auth header, but that is not an option in C#.
image

Original discussion in Q&A.

Code sample exhibiting the issue

Please remove any connection string information!
Updated dotnet version and packages, did not test as written.

Console log of the issue

Follow the instructions here to capture SDK logs.
Don't forget to remove any connection string information!

Exception thrown: 'Azure.RequestFailedException' in System.Private.CoreLib.dll
Azure.RequestFailedException: Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:2081d445-901e-0073-19b2-bda93b000000
Time:2024-06-13T16:53:36.5127373Z
Status: 401 (Server failed to authenticate the request. Please refer to the information in the www-authenticate header.)
ErrorCode: NoAuthenticationInformation

Content:
NoAuthenticationInformationServer failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:2081d445-901e-0073-19b2-bda93b000000
Time:2024-06-13T16:53:36.5127373Z

Headers:
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2081d445-901e-0073-19b2-bda93b000000
x-ms-client-request-id: e3128d2e-e46f-4494-aa57-6c5876f0ae64
x-ms-version: 2023-11-03
x-ms-error-code: NoAuthenticationInformation
WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/37051258-66ca-457a-a41d-d94c41705e37/oauth2/authorize resource_id=https://storage.azure.com
Date: Thu, 13 Jun 2024 16:53:36 GMT
Content-Length: 302
Content-Type: application/xml

at Azure.Storage.Blobs.BlockBlobRestClient.UploadAsync(Int64 contentLength, Stream body, Nullable1 timeout, Byte[] transactionalContentMD5, String blobContentType, String blobContentEncoding, String blobContentLanguage, Byte[] blobContentMD5, String blobCacheControl, IDictionary2 metadata, String leaseId, String blobContentDisposition, String encryptionKey, String encryptionKeySha256, Nullable1 encryptionAlgorithm, String encryptionScope, Nullable1 tier, Nullable1 ifModifiedSince, Nullable1 ifUnmodifiedSince, String ifMatch, String ifNoneMatch, String ifTags, String blobTagsString, Nullable1 immutabilityPolicyExpiry, Nullable1 immutabilityPolicyMode, Nullable1 legalHold, Byte[] transactionalContentCrc64, CancellationToken cancellationToken) at Azure.Storage.Blobs.Specialized.BlockBlobClient.UploadInternal(Stream content, BlobHttpHeaders blobHttpHeaders, IDictionary2 metadata, IDictionary2 tags, BlobRequestConditions conditions, Nullable1 accessTier, BlobImmutabilityPolicy immutabilityPolicy, Nullable1 legalHold, IProgress1 progressHandler, UploadTransferValidationOptions transferValidationOverride, String operationName, Boolean async, CancellationToken cancellationToken)
at Azure.Storage.Blobs.Specialized.BlockBlobClient.<>c__DisplayClass65_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Azure.Storage.PartitionedUploader2.UploadInternal(Stream content, Nullable1 expectedContentLength, TServiceSpecificData args, IProgress`1 progressHandler, Boolean async, CancellationToken cancellationToken)
at Azure.Storage.Blobs.Specialized.BlockBlobClient.UploadAsync(Stream content, BlobUploadOptions options, CancellationToken cancellationToken)
@Gamecock Gamecock added the bug Something isn't working. label Jun 13, 2024
@0xDB6
Copy link

0xDB6 commented Jun 17, 2024
edited
Loading

We're having the same problem. The behavior of the IoT Hub seems to have changed a couple days ago. There's another related discussion in the Q&A portal here:

https://learn.microsoft.com/en-us/answers/questions/1696008/notify-uploaded-file-using-system-assigned-authent

The workaround described above to use the wrongly returned access token for authentication can be translated to C# by creating a class which derives from TokenCredential and simply returns the extracted JWT token. If we do that, the upload itself works but the file upload notification fails with a HTTP 400 / IoT Hub error 40020 / 'InvalidStorageEndpointOrBlob' as described in the linked discussion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Gamecock @0xDB6