Azure Storage Queue – Randomly Getting 403 Forbidden on delete of queue message with REST API


 

While developing an application that reads and deletes messages on an Azure storage Queue using the REST API (not the Azure Storage libraries), some requests (but not all) to delete a message are returned by a 403 error and the message is not deleted. This does not happen all the time. In many cases it works fine but it seems to randomly fail for a few requests.

The remote server returned an error: (403) Forbidden.AuthenticationFailed. Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. The MAC signature found in the HTTP request 'ALWhzP+84PAKpkQLpDj8Sl4MtnGkla3P0WjLkRaPDl4=' is not the same as any computed signature.

So I took a fiddler to log the request and response.

This delete worked!

GETTING THE  MESSAGE  FROM  THE  QUEUE

Request

GET http://annayakstorage.queue.core.windows.net/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages HTTP/1.1
x-ms-date: Mon, 23 Feb 2015 16:24:59 GMT
x-ms-version: 2009-09-19
Authorization: SharedKey annayakstorage:gPlR4ol9dgBPfW9B/KQ9jKdSLZP8lakXKGQL73/xNQf=
Accept: application/atom+xml,application/xml
Host: annayakstorage.queue.core.windows.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: application/xml
Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: gp9a9lfq-0007-0056-9k3q-9003l8000000
x-ms-version: 2009-09-19
Date: Mon, 23 Feb 2015 16:25:01 GMT
 
<?xml version="1.0" encoding="utf-8"?>
<QueueMessagesList>
<QueueMessage>
<MessageId>4g8ap7be-573k-6o9d-97ct-4k73k935gldk </MessageId>
<InsertionTime>Mon, 25 Feb 2015 16:24:59 GMT</InsertionTime>
<ExpirationTime>Mon, 04 Mar 2015 16:24:59 GMT</ExpirationTime>
<DequeueCount>1</DequeueCount>
<PopReceipt> AgAAAAMAAAAAAAAAFFKoV9QS0KF=</PopReceipt>
<TimeNextVisible>Mon, 25 Feb 2015 16:25:31 GMT</TimeNextVisible>
<MessageText> PQPxl9KmQLFaplGzSPQldxUaEL9lqPztDIF=</MessageText>
</QueueMessage>
</QueueMessagesList>

DELETING THE  MESSAGE  FROM  THE  QUEUE

Request

DELETE http://annayakstorage.queue.core.windows.net/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/8e3be9ab-759b-4e0c-88bc-9c67d524bcad?popreceipt=AgAAAAMAAAAAAAAAFFKoV9QS0KF=HTTP/1.1  
x-ms-date: Mon, 25 Feb 2015 16:24:59 GMT
x-ms-version: 2009-09-19
Authorization: SharedKey annayakstorage:zelCPqaDnaqGqXi1Eq8+5wpgAPZ0l73xuoC9D3C4k2c=
Host: annayakstorage.queue.core.windows.net

Response

HTTP/1.1 204 No Content
Content-Length: 0
Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: gp9a8psq-0007-0056-8l6k-9003l8000000
x-ms-version: 2009-09-19
Date: Mon, 23 Feb 2015 16:25:01 GMT 

 

This Delete Failed!

GETTING THE  MESSAGE  FROM  THE  QUEUE

Request

GET http://annayakstorage.queue.core.windows.net/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages HTTP/1.1 
x-ms-date: Mon, 25 Feb 2015 16:24:59 GMT
x-ms-version: 2009-09-19
Authorization: SharedKey annayakstorage:gPlR4ol9dgBPfW9B/KQ9jKdSLZP8lakXKGQL73/xNQf=
Accept: application/atom+xml,application/xml
Host: annayakstorage.queue.core.windows.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: application/xml
Server: Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ge9sk924-0005-0078-843u-8114k9000000
x-ms-version: 2009-09-19
Date: Mon, 25 Feb 2015 16:25:01 GMT
 
<?xml version="1.0" encoding="utf-8"?>
<QueueMessagesList>
<QueueMessage>
<MessageId>8dvk9450-g8dk-6932-4j83-3429rslw8l2a</MessageId>
<InsertionTime>Mon, 25 Feb 2015 16:24:59 GMT</InsertionTime>
<ExpirationTime>Mon, 04 Mar 2015 16:24:59 GMT</ExpirationTime>
<DequeueCount>1</DequeueCount>
<PopReceipt>AgAAAAMAAAAAAAAADQ+uV9QS0KF=</PopReceipt>
<TimeNextVisible>Mon, 23 Feb 2015 16:25:31 GMT</TimeNextVisible>
<MessageText>YULzc2PaPAPbpwTkQgLsyxEmDL4laWaLWdP=</MessageText>
</QueueMessage>
</QueueMessagesList>
 

DELETING THE  MESSAGE  FROM  THE  QUEUE

Request

DELETE http://annayakstorage.queue.core.windows.net/plccommandsqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/9cdb1031-b4fb-4079-8e59-4323efcd3e4c?popreceipt=AgAAAAMAAAAAAAAADQ+uV9QS0KF=HTTP/1.1 
x-ms-date: Mon, 25 Feb 2015 16:24:59 GMT
x-ms-version: 2009-09-19
Authorization: SharedKey annayakstorage:QKWlaP+39WLQalWPaKd7Ka9MwpAjbh9Q9GaDlPxAFl9=
Host: annayakstorage.queue.core.windows.net

Response

HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Content-Length: 783
Content-Type: application/xml
Server: Microsoft-HTTPAPI/2.0
x-ms-request-id: ge9sk924-0005-0093-843u-8114k9000000
Date: Mon, 25 Feb 2015 16:25:01 GMT

Error

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId: ge9sk924-0005-0093-843u-8114k9000000
 
Time:2015-02-25T16:25:01.8486841Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request ‘QKWlaP+39WLQalWPaKd7Ka9MwpAjbh9Q9GaDlPxAFl9=’ is not the same as any computed signature. Server used following string to sign: 
'DELETE 
x-ms-date:Mon, 25 Feb 2015 16:24:59 GMT
x-ms-version:2009-09-19
/annayakstorage/restapiqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/9cdb1031-b4fb-4079-8e59-4323efcd3e4c
popreceipt:AgAAAAMAAAAAAAAAFF wV4VP0AE='.</AuthenticationErrorDetail></Error>

After spending quite some hours through the traces I noticed that in the failing case the popreceipt is not the same as the one inside the message and hence it gives the error. 

Popreceipt in the request - DELETE http://annayakstorage.queue.core.windows.net/plccommandsqueuecefbcdda-aadc-4676-9800-b96022ed78f6/messages/9cdb1031-b4fb-4079-8e59-4323efcd3e4c?popreceipt= AgAAAAMAAAAAAAAADQ+uV9QS0KF= HTTP/1.1

Popreceipt in the error response – popreceipt : AgAAAAMAAAAAAAAADQ uV9QS0KF=

If you notice the +is gone. In all the working cases I see the popreceipt didn't have a +’. So whenever the message has a popreceipt with a +as below it was failing.

<?xml version="1.0" encoding="utf-8"?>

<QueueMessagesList>

<QueueMessage>

<MessageId>8dvk9450-g8dk-6932-4j83-3429rslw8l2a</MessageId>

<InsertionTime>Mon, 25 Feb 2015 16:24:59 GMT</InsertionTime>

<ExpirationTime>Mon, 04 Mar 2015 16:24:59 GMT</ExpirationTime>

<DequeueCount>1</DequeueCount>

<PopReceipt>AgAAAAMAAAAAAAAADQ+uV9QS0KF=</PopReceipt>

<TimeNextVisible>Mon, 25 Feb 2015 16:25:31 GMT</TimeNextVisible>

<MessageText>YULzc2PaPAPbpwTkQgLsyxEmDL4laWaLWdP=</MessageText>

</QueueMessage>

</QueueMessagesList>

As per the standard reserved characters need to be URL encoded when transmitted over the internet. http://en.wikipedia.org/wiki/Percent-encoding

So I used the .Net class WebUtility (https://msdn.microsoft.com/en-us/library/zttxte6w(v=vs.110).aspx) and URL encoded the parameters like popreceipt.

The following changes were made to the code to encode the special character. 

String urlPath = String.Format("{0}/messages/{1}?popreceipt={2}", 
WebUtility.UrlEncode(queueName), WebUtility.UrlEncode(messageid),
WebUtility.UrlEncode(popreceipt));

It started working fine after that and the deletes don’t fail randomly anymore.

Regards,

Angshuman Nayak

Cloud Integration Engineer


Comments (0)

Skip to main content