You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to share access to a storage account with collaborators outside my company. I tried to generate a SAS URL but I get the Authenticator Error when I try to open blob storage. I have a Storage Blob Data Contributor role in this storage account. I also checked my public network access setting, and it is enabled from all networks.
Steps to Reproduce
Connect to storage account
Use Shared Access signature
Paste SAS URL
Open blob containers node
Error window appears
Actual Experience
I used the below settings to generate the SAS URL:
But got this pop up window when I connected to the storage account and tried to open the blob containers in the explorer:
This request is not authorized to perform this operation.
This storage account's 'Firewalls & virtual networks' settings may be blocking access to storage services. Try adding your client IP address to the firewall exceptions, or by allowing access from 'all networks' instead of 'selected networks'. To learn more about Azure Storage firewalls and virtual networks, visit http://go.microsoft.com/fwlink/?LinkId=845443.
Thanks. Can I ask why you have 0.0.0.0 for allowed IP addresses? I think that is likely the problem here. That is saying a client's IP address needs to be 0.0.0.0. If you are ok with any IP address, you can just leave that blank.
Closing due to lack of response. If you require further help we recommend opening an Azure support ticket via the portal. Alternatively you can open a new issue here. This one will no longer be monitored.
Preflight Checklist
Storage Explorer Version
1.33.1
Regression From
No response
Architecture
arm64
Storage Explorer Build Number
20240410.2
Platform
macOS
OS Version
Sonoma 14.1
Bug Description
I would like to share access to a storage account with collaborators outside my company. I tried to generate a SAS URL but I get the Authenticator Error when I try to open blob storage. I have a Storage Blob Data Contributor role in this storage account. I also checked my public network access setting, and it is enabled from all networks.
Steps to Reproduce
Actual Experience
I used the below settings to generate the SAS URL:
But got this pop up window when I connected to the storage account and tried to open the blob containers in the explorer:
This request is not authorized to perform this operation.
This storage account's 'Firewalls & virtual networks' settings may be blocking access to storage services. Try adding your client IP address to the firewall exceptions, or by allowing access from 'all networks' instead of 'selected networks'. To learn more about Azure Storage firewalls and virtual networks, visit http://go.microsoft.com/fwlink/?LinkId=845443.
Error Details:
{
"name": "RestError",
"code": "AuthorizationFailure",
"statusCode": 403,
"request": {
"streamResponseStatusCodes": {},
"url": "https://aufgehdlstrcoreprodweu01.blob.core.windows.net/?sv=2022-11-02&ss=b&srt=sco&sp=rwdlacyx&se=2024-04-29T15:24:36Z&st=2024-04-29T07:24:36Z&sip=0.0.0.0&spr=https&sig=AzureSAS Token Redacted&comp=list&include=metadata",
"method": "GET",
"headers": {
"_headersMap": {
"x-ms-version": {
"name": "x-ms-version",
"value": "2023-01-03"
},
"accept": {
"name": "Accept",
"value": "application/xml"
},
"user-agent": {
"name": "User-Agent",
"value": "Microsoft Azure Storage Explorer/1.33.1 (darwin) azsdk-js-storageblob/12.15.0 (NODE-VERSION v18.18.2; Darwin 23.1.0)"
},
"x-ms-client-request-id": {
"name": "x-ms-client-request-id",
"value": "039c4a2d-614a-48e2-ae83-9ab24b457ebc"
}
}
},
"withCredentials": false,
"timeout": 0,
"keepAlive": true,
"decompressResponse": false,
"requestId": "039c4a2d-614a-48e2-ae83-9ab24b457ebc"
},
"response": {
"request": {
"streamResponseStatusCodes": {},
"url": "https://aufgehdlstrcoreprodweu01.blob.core.windows.net/?sv=2022-11-02&ss=b&srt=sco&sp=rwdlacyx&se=2024-04-29T15:24:36Z&st=2024-04-29T07:24:36Z&sip=0.0.0.0&spr=https&sig=AzureSAS Token Redacted&comp=list&include=metadata",
"method": "GET",
"headers": {
"_headersMap": {
"x-ms-version": {
"name": "x-ms-version",
"value": "2023-01-03"
},
"accept": {
"name": "Accept",
"value": "application/xml"
},
"user-agent": {
"name": "User-Agent",
"value": "Microsoft Azure Storage Explorer/1.33.1 (darwin) azsdk-js-storageblob/12.15.0 (NODE-VERSION v18.18.2; Darwin 23.1.0)"
},
"x-ms-client-request-id": {
"name": "x-ms-client-request-id",
"value": "039c4a2d-614a-48e2-ae83-9ab24b457ebc"
}
}
},
"withCredentials": false,
"timeout": 0,
"keepAlive": true,
"decompressResponse": false,
"requestId": "039c4a2d-614a-48e2-ae83-9ab24b457ebc"
},
"status": 403,
"headers": {
"_headersMap": {
"content-length": {
"name": "content-length",
"value": "246"
},
"content-type": {
"name": "content-type",
"value": "application/xml"
},
"date": {
"name": "date",
"value": "Mon, 29 Apr 2024 07:25:30 GMT"
},
"server": {
"name": "server",
"value": "Microsoft-HTTPAPI/2.0"
},
"x-ms-client-request-id": {
"name": "x-ms-client-request-id",
"value": "039c4a2d-614a-48e2-ae83-9ab24b457ebc"
},
"x-ms-error-code": {
"name": "x-ms-error-code",
"value": "AuthorizationFailure"
},
"x-ms-request-id": {
"name": "x-ms-request-id",
"value": "6e4caa70-301e-0015-4106-9aed19000000"
}
}
},
"bodyAsText": "
AuthorizationFailure
This request is not authorized to perform this operation.\nRequestId:6e4caa70-301e-0015-4106-9aed19000000\nTime:2024-04-29T07:25:30.4108810Z","parsedBody": {
"message": "This request is not authorized to perform this operation.\nRequestId:6e4caa70-301e-0015-4106-9aed19000000\nTime:2024-04-29T07:25:30.4108810Z",
"code": "AuthorizationFailure"
},
"parsedHeaders": {
"errorCode": "AuthorizationFailure",
"content-length": "246",
"content-type": "application/xml",
"date": "Mon, 29 Apr 2024 07:25:30 GMT",
"server": "Microsoft-HTTPAPI/2.0",
"x-ms-client-request-id": "039c4a2d-614a-48e2-ae83-9ab24b457ebc",
"x-ms-request-id": "6e4caa70-301e-0015-4106-9aed19000000"
}
},
"details": {
"errorCode": "AuthorizationFailure",
"content-length": "246",
"content-type": "application/xml",
"date": "Mon, 29 Apr 2024 07:25:30 GMT",
"server": "Microsoft-HTTPAPI/2.0",
"x-ms-client-request-id": "039c4a2d-614a-48e2-ae83-9ab24b457ebc",
"x-ms-request-id": "6e4caa70-301e-0015-4106-9aed19000000",
"message": "This request is not authorized to perform this operation.\nRequestId:6e4caa70-301e-0015-4106-9aed19000000\nTime:2024-04-29T07:25:30.4108810Z",
"code": "AuthorizationFailure"
}
}
Expected Experience
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: