question

XinmingZhuo-4279 avatar image
0 Votes"
XinmingZhuo-4279 asked Sumarigo-MSFT edited

azcopy cp fail to copy file from local to cloud

azcopy login
azcopy make 'https://teststore.blob.core.windows.net/testcontainer'

INFO: Authenticating to destination using Azure AD
Successfully created the resource.


.\azcopy cp 'C:\Users\test\Downloads\azcopy_windows_amd64_10.12.2.zip' 'https://nfteststore.blob.core.windows.net/testcontainer/azcopy_windows_amd64_10.12.2.zip' --put-md5

INFO: Scanning...
INFO: Authenticating to destination using Azure AD
INFO: Any empty folders will not be processed, because source and/or destination doesn't have full folder support

Job 27550018-b68e-e947-5d0e-0eee01756d70 has started
Log file is located at: C:\Users\test.azcopy\27550018-b68e-e947-5d0e-0eee01756d70.log

INFO: Authentication failed, it is either not correct, or expired, or does not have the correct permission -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, /home/vsts/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.13.1-0.20210823171415-e7932f52ad61/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthorizationPermissionMismatch) =====
Description=This request is not authorized to perform this operation using this permission.
RequestId:19a5830e-901e-0045-1f04-ba9ee4000000
Time:2021-10-05T16:14:46.1894124Z, Details:
Code: AuthorizationPermissionMismatch
PUT https://nfteststore.blob.core.windows.net/testcontainer/azcopy_windows_amd64_10.12.2.zip?blockid=MzA5MjkxNmUtMWEyMS1kNTQ3LTQwZTEtMDA1NjQxMGMwYjJj&comp=block&timeout=901
Authorization: REDACTED
Content-Length: [8388608]
User-Agent: [AzCopy/10.12.2 Azure-Storage/0.14 (go1.16; Windows_NT)]
X-Ms-Client-Request-Id: [aa507122-e7e2-441f-42dd-ee6895b2ad1e]
X-Ms-Version: [2019-12-12]
--------------------------------------------------------------------------------
RESPONSE Status: 403 This request is not authorized to perform this operation using this permission.
Content-Length: [279]
Content-Type: [application/xml]
Date: [Tue, 05 Oct 2021 16:14:45 GMT]
Server: [Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0]
X-Ms-Client-Request-Id: [aa507122-e7e2-441f-42dd-ee6895b2ad1e]
X-Ms-Error-Code: [AuthorizationPermissionMismatch]
X-Ms-Request-Id: [19a5830e-901e-0045-1f04-ba9ee4000000]
X-Ms-Version: [2019-12-12]



  1. %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total,


Job 27550018-b68e-e947-5d0e-0eee01756d70 summary
Elapsed Time (Minutes): 0.0334
Number of File Transfers: 1
Number of Folder Property Transfers: 0
Total Number of Transfers: 1
Number of Transfers Completed: 0
Number of Transfers Failed: 1
Number of Transfers Skipped: 0
TotalBytesTransferred: 0
Final Job Status: Cancelled


























azure-storage-accounts
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Sumarigo-MSFT avatar image
0 Votes"
Sumarigo-MSFT answered Sumarigo-MSFT edited

@XinmingZhuo-4279 Status: AuthorizationPermissionMismatch|This request is not authorized to perform this operation using this permission.

It's like the oauth token isn't getting set correctly when trying to use that as the authentication mechanism also (re generate the SAS token and also cross verify allowed permissions)

Refer to the suggestion mentioned in this GitHub link and let me know the status

Reference: https://github.com/Azure/azure-storage-azcopy/issues/452#issuecomment-503812803
https://github.com/Azure/azure-storage-azcopy/issues/819
https://github.com/Azure/azure-storage-azcopy/issues/122

Note: Every request made by the user to access/modify data from a storage account must be authenticated/authorized unless the resource being accessed is public resource.

Now there are two broad categories of Authn/AuthZ we support :-

Signature Based Auth:- Shared Key and Shared Access Signature (SAS).
SAS avoids authentication as a specific user and grants restricted access rights to the resource. So the user gets granular level resource access in storage account without hampering security. You can create a SAS key for a resource from Azure_Portal/Storage_Explorer/REST_API etc. So, your copy request will look like
azcopy cp "/path/to/file.txt" "https://[account].blob.core.windows.net/[container]/[path/to/blob]?[SAS]
Please read this for more information.

Identity Based Auth:- Azure AD and Anonymous(Public) Access.
Azure AD is OAuth based token used for AuthN. A user can identify itself by running azcopy login command (OAuth Token). A user is assigned roles which essentially control access-rights such as read, modify, delete etc. Please read this for more information.

For work around you can refer to this GitHub link

Please let us know if you have any further queries. I’m happy to assist you further.
Looking forward for your reply!


Please do not forget to 138065-image.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.



image.png (1.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.