LetsPlayYahtzee LetsPlayYahtzee - 9 months ago 59
Javascript Question

Azure Table Storage Authenticate REST call through javascript

I am trying to make a REST call to my Azure Table using javascript but I find it hard to authenticate the call.

I am using that piece of javascript (I know the date has to be maximum 15 min old, and I don't plan on using the actual key in the javascript!)

var dateTimeInUtc = 'Fri, 12 Feb 2016 12:14:00 GMT';
var version = '2015-04-05';
var key = 'JEwMjqFD1ng8vIaECmRw8eQysiIvH08nF/jPKPYaNGumgxtKIjltX8bte5sKN6SNyw09s=='; // not an actuall key
var stringToSign = 'GET\n\n\nFri, 12 Feb 2016 12:14:00 GMT\n/myaccount/mytable(PartitionKey=\'first_partition\', RowKey=\'1235\')';
var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(CryptoJS.enc.Utf8.parse(stringToSign), CryptoJS.enc.Base64.parse(key)));
url:'https://myaccount.table.core.windows.net/mytable(PartitionKey=\'first_partition\', RowKey=\'1235\')',
type: 'GET',
success: function (data) {
console.log('well done');
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', "SharedKey " + "myaccount" + ":" + signature);
xhr.setRequestHeader('x-ms-date', dateTimeInUtc);
xhr.setRequestHeader('x-ms-version', version);
error: function (rcvData) {

what I get

403 (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.)

Do you see anything obviously wrong? Do I miss something from the signature?

Answer Source

The string-to-sign that you construct must be the exact URL transmitted over the wire, including percent encoding characters not allowed in a URL. In this case, the space character in the URL will be percent encoded over the wire, so it must be percent encoded in the string-to-sign.

From the MSDN page:

Any portion of the CanonicalizedResource string that is derived from the resource's URI should be encoded exactly as it is in the URI.