[Bug Report]DeviceClient.GetFileUploadSaSUriAsync() returns invalid SAS when hub is using System-identity.
Gamecock opened this issue · 1 comments
Context
- OS, version, SKU and CPU architecture used: (Windows 10 Desktop x64)
- Application's .NET Target Framework : .net8.0
- Device: Laptop
- SDK version used:
Microsoft.Azure.Devices.Client 1.42.3
Description of the issue
Followeing these instructions
Fie Upload works.
Change the authentication type for iot hub here. from Key-based to System-assigned.
Change back, file upload works again.
From python it works by treating the token as an AccessToken and adding an auth header, but that is not an option in C#.
Original discussion in Q&A.
Code sample exhibiting the issue
Please remove any connection string information!
Updated dotnet version and packages, did not test as written.
Console log of the issue
Follow the instructions here to capture SDK logs.
Don't forget to remove any connection string information!
Exception thrown: 'Azure.RequestFailedException' in System.Private.CoreLib.dll
Azure.RequestFailedException: Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:2081d445-901e-0073-19b2-bda93b000000
Time:2024-06-13T16:53:36.5127373Z
Status: 401 (Server failed to authenticate the request. Please refer to the information in the www-authenticate header.)
ErrorCode: NoAuthenticationInformation
Content:
NoAuthenticationInformation
Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:2081d445-901e-0073-19b2-bda93b000000
Time:2024-06-13T16:53:36.5127373Z
Headers:
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2081d445-901e-0073-19b2-bda93b000000
x-ms-client-request-id: e3128d2e-e46f-4494-aa57-6c5876f0ae64
x-ms-version: 2023-11-03
x-ms-error-code: NoAuthenticationInformation
WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/37051258-66ca-457a-a41d-d94c41705e37/oauth2/authorize resource_id=https://storage.azure.com
Date: Thu, 13 Jun 2024 16:53:36 GMT
Content-Length: 302
Content-Type: application/xml
at Azure.Storage.Blobs.BlockBlobRestClient.UploadAsync(Int64 contentLength, Stream body, Nullable1 timeout, Byte[] transactionalContentMD5, String blobContentType, String blobContentEncoding, String blobContentLanguage, Byte[] blobContentMD5, String blobCacheControl, IDictionary
2 metadata, String leaseId, String blobContentDisposition, String encryptionKey, String encryptionKeySha256, Nullable1 encryptionAlgorithm, String encryptionScope, Nullable
1 tier, Nullable1 ifModifiedSince, Nullable
1 ifUnmodifiedSince, String ifMatch, String ifNoneMatch, String ifTags, String blobTagsString, Nullable1 immutabilityPolicyExpiry, Nullable
1 immutabilityPolicyMode, Nullable1 legalHold, Byte[] transactionalContentCrc64, CancellationToken cancellationToken) at Azure.Storage.Blobs.Specialized.BlockBlobClient.UploadInternal(Stream content, BlobHttpHeaders blobHttpHeaders, IDictionary
2 metadata, IDictionary2 tags, BlobRequestConditions conditions, Nullable
1 accessTier, BlobImmutabilityPolicy immutabilityPolicy, Nullable1 legalHold, IProgress
1 progressHandler, UploadTransferValidationOptions transferValidationOverride, String operationName, Boolean async, CancellationToken cancellationToken)
at Azure.Storage.Blobs.Specialized.BlockBlobClient.<>c__DisplayClass65_0.<b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Azure.Storage.PartitionedUploader2.UploadInternal(Stream content, Nullable
1 expectedContentLength, TServiceSpecificData args, IProgress`1 progressHandler, Boolean async, CancellationToken cancellationToken)
at Azure.Storage.Blobs.Specialized.BlockBlobClient.UploadAsync(Stream content, BlobUploadOptions options, CancellationToken cancellationToken)
We're having the same problem. The behavior of the IoT Hub seems to have changed a couple days ago. There's another related discussion in the Q&A portal here:
The workaround described above to use the wrongly returned access token for authentication can be translated to C# by creating a class which derives from TokenCredential and simply returns the extracted JWT token. If we do that, the upload itself works but the file upload notification fails with a HTTP 400 / IoT Hub error 40020 / 'InvalidStorageEndpointOrBlob' as described in the linked discussion.