TLS error when using HTTPS/TLS URL (not permitted for non-TLS protected (non-https) URLs.)

See original GitHub issue

Ubuntu 19.10 Linux rio-t460p 5.3.0-26-generic #28-Ubuntu SMP Wed Dec 18 05:37:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux Python 3.7.5 azure-core==1.2.0 azure-identity==1.2.0 azure-storage-blob==12.1.0

Describe the bug When trying to do a batch delete blob using a blob client created using a HTTPS URL the code errors with:

“Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.” azure.core.exceptions.ServiceRequestError: Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.

This same blob client connection can successfully be used to list blobs in a container. The credentials used to create the client are service principal with rbac (client/secret/tenant) and the role is set to “Storage Blob Data Owner”.

Steps to reproduce Here is some example code to reproduce the error:

STORAGE_URL = 'https://' + STORAGE_ACCOUNT + '.blob.core.windows.net'
client_credentials = ClientSecretCredential(client_id=AZURE_CLIENT, client_secret=AZURE_SECRET, tenant_id=AZURE_TENANT)
blob_service_client = BlobServiceClient(account_url=STORAGE_URL, credential=client_credentials)
container_client = blob_service_client.get_container_client(STORAGE_CONTAINER)
def run_azure_blob_list():
  result = []
  blob_list = container_client.list_blobs(name_starts_with=STORAGE_FOLDER)
  for blob in blob_list:
    if blob.last_modified < IGNORE_DATE: 
      result.append([blob.name, blob.last_modified])
  return result
blob_list = run_azure_blob_list()
container_client.delete_blobs(*blob_list)

Container endpoint: print(container_client.primary_endpoint)

https://REDACTED.blob.core.windows.net/uploads

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:15 (12 by maintainers)

Top GitHub Comments

2reactions

lmazuelcommented, May 4, 2020

Released part of 12.3.1 (see tags of this commit)

0reactions

DroidUnknowncommented, Aug 4, 2021

No I was simply trying to setup Synapse using python SDK. This is my first time trying to do something on azure and did not really understand the details. https://management.azure.com works in this case. Thanks

Top Results From Across the Web

Bearer token authentication is not permitted for non TLS ...

When I try to register the user in production, I get the following error: Error loading external login information (Graph). System.

Security Guide for Cisco Unified Communications Manager ...

Security Guide for Cisco Unified Communications Manager, Release 12.5(1)SU2.

Networking 101: Transport Layer Security (TLS)

The SSL protocol was originally developed at Netscape to enable ecommerce transaction security on the Web, which required encryption to protect customers' ...

Administration Guide (Common Criteria Edition)

Using these clients without proper configuration is not allowed. ... access the server using TLS client certificate authentication (mutual authentication).

What is SSL, TLS and HTTPS? - DigiCert

What is SSL? SSL (Secure Sockets Layer) certificates are an integral part of website security. When you visit a website with SSL, the...