Azure Blob Storage "Authorization Permission Mismatch" error for get request with AD token

SebastianG picture SebastianG · Oct 12, 2018 · Viewed 24.9k times · Source

I am building an Angular 6 application that will be able to make CRUD operation on Azure Blob Storage. I'm however using postman to test requests before implementing them inside the app and copy-pasting the token that I get from Angular for that resource.

When trying to read a file that I have inside the storage for test purposes, I'm getting: <Code>AuthorizationPermissionMismatch</Code> <Message>This request is not authorized to perform this operation using this permission.

  • All in production environment (although developing)
  • Token acquired specifically for storage resource via Oauth
  • Postman has the token strategy as "bearer "
  • Application has "Azure Storage" delegated permissions granted.
  • Both the app and the account I'm acquiring the token are added as "owners" in azure access control IAM
  • My IP is added to CORS settings on the blob storage.
  • StorageV2 (general purpose v2) - Standard - Hot
  • x-ms-version header used is: 2018-03-28 because that's the latest I could find and I just created the storage account.

Answer

jager1000 picture jager1000 · Oct 12, 2018

I found it's not enough for the app and account to be added as owners, I would go into your storage account > IAM > Add role and add the special permission for this type of request, STORAGE BLOB DATA CONTRIBUTOR (PREVIEW)