microsoft
Authentication issue - Firewalls blocking login
Preflight Checklist
- [X] I have installed the latest version of Storage Explorer.
- [X] I have checked existing resources, including the troubleshooting guide and the release notes.
- [X] I have searched for similar issues.
Storage Explorer Version
1.34.0
Regression From
No response
Architecture
x64
Storage Explorer Build Number
20240523.2
Platform
All
OS Version
Windows 10
Bug Description
Hi Team,
I'm getting below error while login in storage account.
This storage account's 'Firewalls & virtual networks' settings may be blocking access to storage services. Try adding your client IP address to the firewall exceptions, or by allowing access from 'all networks' instead of 'selected networks'. To learn more about Azure Storage firewalls and virtual networks, visit http://go.microsoft.com/fwlink/?LinkId=845443.
Steps to Reproduce
Login storage account
Actual Experience
Unable to use storage explore due to firewall blocking my access
Expected Experience
please assist in adding my ip address to Firewall
Additional Context
This request is not authorized to perform this operation.
This storage account's 'Firewalls & virtual networks' settings may be blocking access to storage services. Try adding your client IP address to the firewall exceptions, or by allowing access from 'all networks' instead of 'selected networks'. To learn more about Azure Storage firewalls and virtual networks, visit http://go.microsoft.com/fwlink/?LinkId=845443.
Error Details: { "name": "RestError", "code": "AuthorizationFailure", "statusCode": 403, "request": { "streamResponseStatusCodes": {}, "url": "https://afsprodwus3synst.blob.core.windows.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2023-01-03" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.34.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v20.9.0; Windows_NT 10.0.22631)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "df31d930-8ae0-4e15-8078-5cf3c1e0b1b3" }, "authorization": { "name": "authorization", "value": "Bearer JSON Web Token Redacted" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "df31d930-8ae0-4e15-8078-5cf3c1e0b1b3" }, "response": { "request": { "streamResponseStatusCodes": {}, "url": "https://afsprodwus3synst.blob.core.windows.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2023-01-03" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.34.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v20.9.0; Windows_NT 10.0.22631)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "df31d930-8ae0-4e15-8078-5cf3c1e0b1b3" }, "authorization": { "name": "authorization", "value": "Bearer JSON Web Token Redacted" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "df31d930-8ae0-4e15-8078-5cf3c1e0b1b3" }, "status": 403, "headers": { "_headersMap": { "content-length": { "name": "content-length", "value": "246" }, "content-type": { "name": "content-type", "value": "application/xml" }, "server": { "name": "server", "value": "Microsoft-HTTPAPI/2.0" }, "x-ms-request-id": { "name": "x-ms-request-id", "value": "b647afd6-001e-0076-2485-c1be89000000" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "df31d930-8ae0-4e15-8078-5cf3c1e0b1b3" }, "x-ms-error-code": { "name": "x-ms-error-code", "value": "AuthorizationFailure" }, "date": { "name": "date", "value": "Tue, 18 Jun 2024 13:39:58 GMT" } } }, "bodyAsText": "<Error><Code>AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.\nRequestId:b647afd6-001e-0076-2485-c1be89000000\nTime:2024-06-18T13:39:59.0493974Z</Message></Error>", "parsedBody": { "message": "This request is not authorized to perform this operation.\nRequestId:b647afd6-001e-0076-2485-c1be89000000\nTime:2024-06-18T13:39:59.0493974Z", "code": "AuthorizationFailure" }, "parsedHeaders": { "errorCode": "AuthorizationFailure", "content-length": "246", "content-type": "application/xml", "server": "Microsoft-HTTPAPI/2.0", "x-ms-request-id": "b647afd6-001e-0076-2485-c1be89000000", "x-ms-client-request-id": "df31d930-8ae0-4e15-8078-5cf3c1e0b1b3", "date": "Tue, 18 Jun 2024 13:39:58 GMT" } }, "details": { "errorCode": "AuthorizationFailure", "content-length": "246", "content-type": "application/xml", "server": "Microsoft-HTTPAPI/2.0", "x-ms-request-id": "b647afd6-001e-0076-2485-c1be89000000", "x-ms-client-request-id": "df31d930-8ae0-4e15-8078-5cf3c1e0b1b3", "date": "Tue, 18 Jun 2024 13:39:58 GMT", "message": "This request is not authorized to perform this operation.\nRequestId:b647afd6-001e-0076-2485-c1be89000000\nTime:2024-06-18T13:39:59.0493974Z", "code": "AuthorizationFailure" } }
@v-ruloga Are you able to access your storage resource from the Azure Portal?
As the error suggests, your access may be blocked due to firewall settings on the storage account. Do you know if public network access to your storage resource is restricted in any way? You may need to communicate with your administrator to grant your machine access.
Closing due to inactivity. If this is a still a problem, please leave a comment with updated information, and we can revist.
Would be nice to add a functionality to Storage Explorer to add the current public IP to the fire wall exception list if the currently logged on user has enough permissions. Microsoft SQL Management Studio has that functionality if connecting to an Azure SQL database. Nice time saver that you do not have to switch to the Azure Portal, find the storage, add the allowed IP, go back to Storage Explorer, refrehs the storage connection and access blob or table.
