[storage] GetSharedAccessSignature fails for containers with trailing slash #131

MartinWa opened this Issue Nov 20, 2012 · 1 comment


None yet

4 participants


Given the following code:

var blobClient = account.CreateCloudBlobClient();
var container = blobClient.GetContainerReference(containerName);
CloudBlockBlob _blockblob = container.GetBlockBlobReference(fileName);
var sharedAccessPolicy = new SharedAccessBlobPolicy
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-10),
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(30),
Permissions = SharedAccessBlobPermissions.Read
var sharedAccessSignature = _blockblob.GetSharedAccessSignature(sharedAccessPolicy);
var link = _blockblob.Uri.AbsoluteUri + sharedAccessSignature;

a AuthenticationFailed error will occur from the link if the containerName has a trailing slash (this is allowed in all other places).

The reason for this is that the GetCanonicalName method in CloudBlockBlobBase will add a slash to the container name resulting in a double slash. This is then signed and returned in the SAS. The AbsoluteUri however will not add the extra slash and thus the signature will not be valid for the created link.

A change in GetCanonicalName to trim any trailing slash from container name would solve this.


@bradygaster bradygaster was assigned Dec 9, 2013

Please recreate in https://github.com/Azure/azure-storage-net/ if still relevant.

@stankovski stankovski closed this Oct 2, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment