microsoft
An authentication error occurs after attaching the service via OAuth, even though the correct RBAC role is assigned
Storage Explorer Version
1.40.1 (109)
Regression From
Not a regression
Architecture
arm64
Storage Explorer Build Number
20251020.1
Platform
All
OS Version
Windows 11 arm64/MacOS Sequoia 15.6.1/Linux Ubuntu 22.04
Bug Description
An authentication error occurs after attaching the service via OAuth, even though the correct RBAC role is assigned.
Resource Types
Blobs, ADLS Gen2 blobs, file shares, queues, tables
Authentication Method
None
Connection Type
Attachment
Steps to Reproduce
- Expand one storage account (The storage account has been assigned correct RBAC role) -> Blob Containers.
- Select a blob container and attach it using OAuth.
- After the container is attached successfully,
- Check whether any error occurs.
Actual Experience
An authentication error occurs.
Error details:
Server failed to authenticate the request. Please refer to the information in the www-authenticate header. RequestId:72eaa386-201e-0069-7c9f-416cb1000000 Time:2025-10-20T09:00:34.2540146Z
Expected Experience
No error occurs.
Additional Context
- Successfully expanded and opened the service with the RBAC role assigned (the “Disable Usage of Keys” setting is enabled).
- The following screenshot shows the role assignment
- This issue also occurs even when the role is assigned at the subscription level.
- Here is the app log:
I think this is by design. Storage Explorer calls the Get Account Information API to get account info, which requires a key or SAS. Since you've turned off key usage, you no longer have any valid authentication methods, so the errors are expected.
However, let me dig a little deeper. This does sound like something we shouldn't be trying if keys aren't available.
@craxal This issue also reproduces when setting 'Disable Usage of Keys' is disabled.
@v-xianya Please verify whether you have permission to list keys or if key authentication is enabled on the storage account.