How To Create Authorization Header for Authenticating Azure Storage Services Using C#

In this blog, we are going to see how to create an authorization header for authenticating Azure storage services using C#.

Authorization

 
Authorization header is used to authenticate Azure services via Rest API. Every request to the Azure storage service must be authenticated. This authentication scheme supports Azure storage services like blobs, queues, tables, and files.
 
The header looks like the below scheme,
 
x-ms-date: date_and_time 
Authorization:azure_storage_account_name:signature
 

Shared Key Authentication

 
Here I used the Shared Key Lite authentication scheme. Shared Key authorization relies on your account access keys and other parameters to produce an encrypted signature string that is passed on the request in the Authorizationheader. The actual sample of Shared Key authentication will be,
 
Method: GET
ContentType: application/json
X-ms-date :Fri, 17 Aug 2018 12:18:16 GMT
Authorization: SharedKeyLite testaccount008:uay+rilMVayH/Sdsfd8X+a3fL8k/NxCnIePdyZSkqvydM=
 
Authorizationheader is constructed by making a hash-based message authentication code using the SHA-256 hash
 
The following is an example of performing the HMACSHA256 hash for the Authorization header,
  1. using System;  
  2. using System.Text;  
  3. using System.Net;  
  4. using System.Security.Cryptography;  
  5. namespace AzureTablesAuthentication {  
  6.     class Program {  
  7.         static void Main(string[] args) {  
  8.             try {  
  9.                 string storageAccount = ""// Enter the Azure storage account name  
  10.                 string accessKey = ""// Enter the Azure access key value  
  11.                 string TableName = ""//Enter the Azure Table name  
  12.                 string uri = @ "https://" + storageAccount + ".table.core.windows.net/" + resourcePath;  
  13.                 HttpWebRequest request = (HttpWebRequest) HttpWebRequest.Create(uri);  
  14.                 request.Method = "GET";  
  15.                 request.ContentType = "application/json";  
  16.                 request.ContentLength = resourcePath.Length;  
  17.                 request.Accept = "application/json;odata=nometadata";  
  18.                 request.Headers.Add("x-ms-date", DateTime.UtcNow.ToString("R", System.Globalization.CultureInfo.InvariantCulture));  
  19.                 request.Headers.Add("x-ms-version""2015-12-11");  
  20.                 request.Headers.Add("Accept-Charset""UTF-8");  
  21.                 request.Headers.Add("MaxDataServiceVersion""3.0;NetFx");  
  22.                 request.Headers.Add("DataServiceVersion""1.0;NetFx");  
  23.                 string stringToSign = request.Headers["x-ms-date"] + "\n";  
  24.                 stringToSign += "/" + storageAccount + "/" + resourcePath;  
  25.                 HMACSHA256 hasher = new HMACSHA256(Convert.FromBase64String(accessKey));  
  26.                 string sAuthTokn = "SharedKeyLite " + storageAccount + ":" + Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));  
  27.                 request.Headers.Add("Authorization", sAuthTokn);  
  28.                 Console.WriteLine("Authorization Header :", request.Headers["Authorization"]);  
  29.                 Console.ReadLine();  
  30.             } catch (Exception ex) {  
  31.                 throw ex;  
  32.             }  
  33.         }  
  34.     }  
  35. }  
That's it. Now run the application, go to Debug menu and click on Start without Debugging, or press F5. This will open the console and display the following result.
 
I hope you have learned how to create an authorization header for authenticating Azure storage services using C#. Feel free to fill up the comment box below, if you need any assistance.