Azure-docs: SAS token

Created on 12 May 2019 · 3Comments · Source: MicrosoftDocs/azure-docs

It should be mentioned on the section about "Shared Access Signature" generation that the URI used to create the signature-string should be URL-Encoded.

Thank you.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 13478d1d-11eb-930a-02c4-559a1ef89fa6
Version Independent ID: be36cdf9-1e5e-c47f-e699-652dc42ee2b9
Content: Azure Service Bus access control with Shared Access Signatures
Content Source: articles/service-bus-messaging/service-bus-sas.md
Service: service-bus-messaging
GitHub Login: @axisc
Microsoft Alias: aschhab

cxp doc-enhancement service-bus-messaginsvc triaged

Source

galrito

All 3 comments

@galrito Thanks for the feedback. We are currently investigating into the issue and will update you shortly.

ChiragMishra-MSFT on 12 May 2019

👍1

Hi @galrito Thanks for pointing this out and providing your feedback.

It does say, towards the end of the same section, that: "The URI must be percent-encoded." and links to UrlEncode doc. However, this statement may not have been as discover-able & legible so I've gone ahead and created a PR that improves its formatting (moved it to a new line and turned it into bold text). If you have any further suggestions, definitely do let us know.

We will now proceed to close this thread for now. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.

mike-urnun-msft on 25 May 2019

👍1

Hi @mike-urnun-msft, thank you for your reply.

What made me confused in this issue is that the snippet for creating the SAS is:
SharedAccessSignature sig=<signature-string>&se=<expiry>&skn=<keyName>&sr=<URL-encoded-resourceURI>.

Notice it has <URL-encoded-resourceURI>.

However, the one for generating the signature-string is:
SHA-256('https://<yournamespace>.servicebus.windows.net/'+'\n'+ 1438205742).

Notice it doesn't explicit says it should be URL-encoded.

My suggestion would be to change the snippet to SHA-256('<URL-encoded-resourceURI>'+'\n'+ 1438205742). This way, I believe there would be no more ambiguity by keeping the same format as the SAS snippet.

Thank you for your help.

galrito on 25 May 2019

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Azure DevOps Build Pipeline can't get secrets from Key Vault when secured with vnet and firewall

aspnet4you · 50Comments

The code appears to build fine. The certificates are all loaded. But I cannot connect. There has to be a step missing. Do we need to create client certificate on the cluster? When I try to open the service fabric explorer I get a not authorized message. Not sure why?

tshinkle · 40Comments

Application Gateway: Integration with Key Vault does not work

DanijelMalik · 82Comments

Failed to Start IoT Edge daemon

smcd253 · 44Comments

WEBSITE_CONTENTSHARE should not be used accroding to support

danielstocker · 70Comments