Getting "AuthorizationPermissionMismatch" on a public container

Question

We use the NodeJS @azure/storage-blob SDK to access the storage container/blobs in our organization. We have a system developed wherein the users can access the private containers by logging in into our servers and their accounts being added via our admin to certain IAM roles (Either giving them read/write/delete access to the blobs).

Now, we want to enable some new users to access to public container/blobs by default. We have made a container public and the public links to these storage containers/blobs are accessible by a URL but when trying to access them via the NodeJS API we get the "AuthorizationPermissionMismatch" error.

The code we use is below:

function getBlobDirectories(result) {
   console.log(result);
}

function errorinlisting(err) {
   console.log(err);
}

const containerClient = global.getBlobService(this.storageAccount,req.user).getContainerClient(this.containerName);
let blobDirIterator = containerClient.listBlobsByHierarchy('/');
blobDirIterator.next().then(getBlobDirectories).catch(errorinlisting);

The function getBlobService looks like this:

exports.getBlobService = (storageAcc, user)=> {
    const account = storageAcc;
    const accountKey = storageaccountkeys[storageAcc]

    let blobServiceClient;

    const simpleTokenCredential = new SimpleTokenCredential(user.azureToken);
        blobServiceClient = new BlobServiceClient(
            `https://${account}.blob.core.windows.net`,
            simpleTokenCredential
        );
    return blobServiceClient;
}

Calling listBlobsByHierarchy, end up in error which ends up calling the errorinlisting function above with "AuthorizationPermissionMismatch" error..

What could be the issue? Is this a bug in the NodeJS API?

Any help would be invaluable.

What is `req.user` in `global.getBlobService(this.storageAccount,req.user)`? — Gaurav Mantri, Mar 24 '20 at 12:28
@GauravMantri I have updated the answer now. azureToken is the access token that I get when I log in using the Microsoft link. — sp497, Mar 24 '20 at 12:57
Thanks. Please see if this answers your question: https://stackoverflow.com/questions/52769758/azure-blob-storage-authorization-permission-mismatch-error-for-get-request-wit. — Gaurav Mantri, Mar 24 '20 at 13:03

score 0 · Answer 1 · answered Apr 18 '20 at 05:52

If your container is public accessible you might want to try create an instance of ContainerClient without a credential:

const { ContainerClient } = require("@azure/storage-blob")

const url = "<url to container with anonymous access>";
const containerClient = new ContainerClient(url);

async function main() {
    for await (const blob of containerClient.listBlobsFlat()) {
        console.log(blob.name);
    }
}

main().catch(error => {
    console.error(error);
})

Getting "AuthorizationPermissionMismatch" on a public container

1 Answers1