0
 ClientSecretCredential clientSecret = new ClientSecretCredentialBuilder()
          .clientId("********-****-****-****-************").tenantId(
          "********-****-****-****-************")
          .clientSecret("*****~***************************~******").build();
        
        BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
                .credential(clientSecret)
                .endpoint("https://sambhutestsa.blob.core.windows.net/")
                .buildClient();
        
        
            
        BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient("testcontainer");
        
        
        System.out.printf("Identifier for the snapshot is %s%n", blobContainerClient.getBlobClient("2824891.jpg").downloadToFile("C:\\Users\\ss255248\\2824891.jpg");

but getting this error can someone please help here.

Exception in thread "main" com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:d813ea5f-d01e-004d-7b0f-656de3000000
Time:2022-05-11T08:13:50.0902556Z</Message></Error>
Ryan M
  • 18,333
  • 31
  • 67
  • 74
Sambhu Samanta
  • 1
  • 1
  • 1
    Welcome to Stack Overflow. Please consider your credentials to be exposed. Please re-generate your credentials post-haste. *Never* include your credentials in any posts anywhere. – ewokx May 11 '22 at 09:13

1 Answers1

0

To resolve the error, please try the following:

Make sure whether you have below roles assigned to your security principal:

If not, make sure to assign it like below:

Go to Azure Portal ->Identify the required scope (Subscription/Resource group) -> Access Control (IAM) -> Add Role assignment

enter image description here

  • Check whether your application has below API permissions:

Image2

For more information, please refer this MsDoc:

  • Otherwise, try setting the time zone to UTC-0 .
  • Try adding comp=list&restype=container to your SAS URL as a workaround.
  • Make use of the snippet suggested in this SO thread.

For more in detail, please refer below link:

Azure App Service rejected with 403 error by Storage Account - Stack Overflow

[Solved] Azure Shared Access Signature - Signature did not match - Local Coder

Rukmini
  • 6,015
  • 2
  • 4
  • 14