Jaa


Azure Storage Queue - Randomly Getting 403 Forbidden on delete of queue message with REST API

 

While developing an application that reads and deletes messages on an Azure storage Queue using the REST API (not the Azure Storage libraries), some requests (but not all) to delete a message are returned by a 403 error and the message is not deleted. This does not happen all the time. In many cases it works fine but it seems to randomly fail for a few requests.

The remote server returned an error: (403) Forbidden.AuthenticationFailed. Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. The MAC signature found in the HTTP request 'ALWhzP+84PAKpkQLpDj8Sl4MtnGkla3P0WjLkRaPDl4=' is not the same as any computed signature.

So I took a fiddler to log the request and response.

This delete worked!

GETTING THE  MESSAGE  FROM  THE  QUEUE

Request

 GET https://annayakstorage.queue.core.windows.net/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages HTTP/1.1
 x-ms-date: Mon, 23 Feb 2015 16:24:59 GMT
 x-ms-version: 2009-09-19
 Authorization: SharedKey annayakstorage:gPlR4ol9dgBPfW9B/KQ9jKdSLZP8lakXKGQL73/xNQf=
 Accept: application/atom+xml,application/xml
 Host: annayakstorage.queue.core.windows.net

Response

 HTTP/1.1 200 OK
 Cache-Control: no-cache
 Transfer-Encoding: chunked
 Content-Type: application/xml
 Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
 x-ms-request-id: gp9a9lfq-0007-0056-9k3q-9003l8000000
 x-ms-version: 2009-09-19
 Date: Mon, 23 Feb 2015 16:25:01 GMT
  
 <?xml version="1.0" encoding="utf-8"?>
 <QueueMessagesList>
 <QueueMessage>
 <MessageId>4g8ap7be-573k-6o9d-97ct-4k73k935gldk </MessageId>
 <InsertionTime>Mon, 25 Feb 2015 16:24:59 GMT</InsertionTime>
 <ExpirationTime>Mon, 04 Mar 2015 16:24:59 GMT</ExpirationTime>
 <DequeueCount>1</DequeueCount>
 <PopReceipt> AgAAAAMAAAAAAAAAFFKoV9QS0KF=</PopReceipt>
 <TimeNextVisible>Mon, 25 Feb 2015 16:25:31 GMT</TimeNextVisible>
 <MessageText> PQPxl9KmQLFaplGzSPQldxUaEL9lqPztDIF=</MessageText>
 </QueueMessage>
 </QueueMessagesList>

DELETING THE  MESSAGE  FROM  THE  QUEUE

Request

 DELETE https://annayakstorage.queue.core.windows.net/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/8e3be9ab-759b-4e0c-88bc-9c67d524bcad?popreceipt=AgAAAAMAAAAAAAAAFFKoV9QS0KF=HTTP/1.1  
 x-ms-date: Mon, 25 Feb 2015 16:24:59 GMT
 x-ms-version: 2009-09-19
 Authorization: SharedKey annayakstorage:zelCPqaDnaqGqXi1Eq8+5wpgAPZ0l73xuoC9D3C4k2c=
 Host: annayakstorage.queue.core.windows.net

Response

 HTTP/1.1 204 No Content
 Content-Length: 0
 Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
 x-ms-request-id: gp9a8psq-0007-0056-8l6k-9003l8000000
 x-ms-version: 2009-09-19
 Date: Mon, 23 Feb 2015 16:25:01 GMT 

 

This Delete Failed!

GETTING THE  MESSAGE  FROM  THE  QUEUE

Request

 GET https://annayakstorage.queue.core.windows.net/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages HTTP/1.1 
 x-ms-date: Mon, 25 Feb 2015 16:24:59 GMT
 x-ms-version: 2009-09-19
 Authorization: SharedKey annayakstorage:gPlR4ol9dgBPfW9B/KQ9jKdSLZP8lakXKGQL73/xNQf=
 Accept: application/atom+xml,application/xml
 Host: annayakstorage.queue.core.windows.net

Response

 HTTP/1.1 200 OK
 Cache-Control: no-cache
 Transfer-Encoding: chunked
 Content-Type: application/xml
 Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
 x-ms-request-id: ge9sk924-0005-0078-843u-8114k9000000
 x-ms-version: 2009-09-19
 Date: Mon, 25 Feb 2015 16:25:01 GMT
  
 <?xml version="1.0" encoding="utf-8"?>
 <QueueMessagesList>
 <QueueMessage>
 <MessageId>8dvk9450-g8dk-6932-4j83-3429rslw8l2a</MessageId>
 <InsertionTime>Mon, 25 Feb 2015 16:24:59 GMT</InsertionTime>
 <ExpirationTime>Mon, 04 Mar 2015 16:24:59 GMT</ExpirationTime>
 <DequeueCount>1</DequeueCount>
 <PopReceipt>AgAAAAMAAAAAAAAADQ+uV9QS0KF=</PopReceipt>
 <TimeNextVisible>Mon, 23 Feb 2015 16:25:31 GMT</TimeNextVisible>
 <MessageText>YULzc2PaPAPbpwTkQgLsyxEmDL4laWaLWdP=</MessageText>
 </QueueMessage>
 </QueueMessagesList>
  

DELETING THE  MESSAGE  FROM  THE  QUEUE

Request

 DELETE https://annayakstorage.queue.core.windows.net/plccommandsqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/9cdb1031-b4fb-4079-8e59-4323efcd3e4c?popreceipt=AgAAAAMAAAAAAAAADQ+uV9QS0KF=HTTP/1.1 
 x-ms-date: Mon, 25 Feb 2015 16:24:59 GMT
 x-ms-version: 2009-09-19
 Authorization: SharedKey annayakstorage:QKWlaP+39WLQalWPaKd7Ka9MwpAjbh9Q9GaDlPxAFl9=
 Host: annayakstorage.queue.core.windows.net

Response

 HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
 Content-Length: 783
 Content-Type: application/xml
 Server: Microsoft-HTTPAPI/2.0
 x-ms-request-id: ge9sk924-0005-0093-843u-8114k9000000
 Date: Mon, 25 Feb 2015 16:25:01 GMT

Error

 <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
 RequestId: ge9sk924-0005-0093-843u-8114k9000000
  
 Time:2015-02-25T16:25:01.8486841Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request ‘QKWlaP+39WLQalWPaKd7Ka9MwpAjbh9Q9GaDlPxAFl9=’ is not the same as any computed signature. Server used following string to sign: 
 'DELETE 
 x-ms-date:Mon, 25 Feb 2015 16:24:59 GMT
 x-ms-version:2009-09-19
 /annayakstorage/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/9cdb1031-b4fb-4079-8e59-4323efcd3e4c
 popreceipt:AgAAAAMAAAAAAAAAFF wV4VP0AE='.</AuthenticationErrorDetail></Error>

After spending quite some hours through the traces I noticed that in the failing case the popreceipt is not the same as the one inside the message and hence it gives the error. 

Popreceipt in the request - DELETE https://annayakstorage.queue.core.windows.net/plccommandsqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/9cdb1031-b4fb-4079-8e59-4323efcd3e4c?popreceipt= AgAAAAMAAAAAAAAADQ+uV9QS0KF= HTTP/1.1

Popreceipt in the error response – popreceipt : AgAAAAMAAAAAAAAADQ uV9QS0KF=

If you notice the ’+’ is gone. In all the working cases I see the popreceipt didn't have a ’+’. So whenever the message has a popreceipt with a + as below it was failing.

<?xml version="1.0" encoding="utf-8"?>

<QueueMessagesList>

<QueueMessage>

<MessageId>8dvk9450-g8dk-6932-4j83-3429rslw8l2a</MessageId>

<InsertionTime>Mon, 25 Feb 2015 16:24:59 GMT</InsertionTime>

<ExpirationTime>Mon, 04 Mar 2015 16:24:59 GMT</ExpirationTime>

<DequeueCount>1</DequeueCount>

<PopReceipt>AgAAAAMAAAAAAAAADQ + uV9QS0KF=</PopReceipt>

<TimeNextVisible>Mon, 25 Feb 2015 16:25:31 GMT</TimeNextVisible>

<MessageText>YULzc2PaPAPbpwTkQgLsyxEmDL4laWaLWdP=</MessageText>

</QueueMessage>

</QueueMessagesList>

As per the standard reserved characters need to be URL encoded when transmitted over the internet. https://en.wikipedia.org/wiki/Percent-encoding

So I used the .Net class WebUtility (https://msdn.microsoft.com/en-us/library/zttxte6w(v=vs.110).aspx) and URL encoded the parameters like popreceipt.

The following changes were made to the code to encode the special character. 

 String urlPath = String.Format("{0}/messages/{1}?popreceipt={2}", 
 WebUtility.UrlEncode(queueName), WebUtility.UrlEncode(messageid),
 WebUtility.UrlEncode(popreceipt));

It started working fine after that and the deletes don’t fail randomly anymore.

Regards,

Angshuman Nayak

Cloud Integration Engineer