The X-CSRF-Signature header could not be validated

  • Question

  • Hi,

    I have a student that has this question:

    "I assume I'm supposed to use the SQL database created in mod 2 to do this exercise but I can't log in after creating it as I get the following error:

    The X-CSRF-Signature header could not be validated.

    I did apply the firewall settings to the server, database and my PC. I've been at this for hours." He does not have admin rights. He should be using SSMS for connecting to SQL Server DB not using REST API.


    Friday, August 23, 2019 4:27 PM

All replies

  • Hi Stephan,

    Have you or can you download and install the SSMS client? Also, are you following a specific tutorial that you can reference? 

    As for the X-CSRF signature header issue, this is being experienced by others but I have not been able to identify root cause. Can you detail the browser you are using and possibly, can you delete or clear the cookies for portal.azure.com?

    You can download and install the SSMS client, as this will get you around the issue if the above recommendation does not resolve it:

    Download SQL Server Management Studio (SSMS) (link)

    Regards,

    Mike

    Saturday, August 24, 2019 1:04 AM
    Moderator
  • Hi Stephan,

    Did this get resolved?

    Basically, this is what is going on:

    For error messages relating to the “X-CSRF-Signature header” validation -

    This header is created and validated to prevent a certain type of attack against your Azure SQL Servers.  Specifically, some web browsers can save your passwords which might then allow an attacker who doesn’t know the password to issue queries using the remembered password.  In order to prevent this type of attack, known as Cross Site Request Forgery (CSRF), we attach this little bit of extra data, called the “CSRF Signature”.  This signature proves that the credentials were known at the time of the request, not just remembered by the browser.

     

    This security mechanism requires that your clocks are synchronized to within 5 minutes of our servers, to prevent replay attacks with old CSRF signatures.

    Please ensure that your clock is set to the correct time, as this is the most likely cause for the error message you observed.


    Please make sure that your client and/or proxy is not causing a timestamp issue. The proxy would come into play when attempting to connect from the workplace. If you can, try to connect from home or from outside your workplace LAN.

    Please do let us know if this was resolved or if you need additional assistance.

    Regards,

    Mike

    Friday, September 6, 2019 4:21 PM
    Moderator
  • Hi

    One of the customers completed an experiment and found the issue is with Proxy connection interaction with TLS.

    Here are the results:

    Also the product team is aware of the issue and will try to fix this by end of Sept 2019.

    Thanks
    Navtej S

    Thursday, September 12, 2019 4:36 PM
    Moderator
  • Hi 

    The issue occurred when customers used a proxy network to open the portal and TLS was enabled.

    The issue is caused by a code bug: when signing X-CSRF, Azure was using the list of headers that was sent from the customer, and on the Azure side it was checked again that the list is the same. But some proxies and browsers can delete some of the request headers, so the PG team deleted one of the request headers that was redundant and was sometimes cleaned by a proxy or browser. The product group developers have made a code fix for this issue and the fix will be deployed worldwide soon.

    So if the issue has been resolved for you, please mark this reply as an answer so it can help other users.

    Thanks
    Navtej S

    Tuesday, September 17, 2019 4:46 PM
    Moderator
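
The replies above describe a signature computed over a list of request headers, checked against a 5-minute clock window, and broken when a proxy drops one of the signed headers. The following is an added example, not part of the original thread and not Azure's implementation: it assumes an HMAC-SHA256 scheme, and the `X-Timestamp`, `X-Signed-Headers` and `X-Client-Trace` header names, the key and the sample values are all hypothetical.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds: the 5-minute window described in the thread

def sign(key, headers, names, ts):
    """MAC over the timestamp, the signed-header list and each header value."""
    lines = [str(ts), ";".join(names)] + [f"{n.lower()}:{headers[n]}" for n in names]
    return hmac.new(key, "\n".join(lines).encode(), hashlib.sha256).hexdigest()

def build_request(key, headers, names, ts):
    """Client side: attach timestamp, header list and signature (names hypothetical)."""
    return {**headers, "X-Timestamp": str(ts), "X-Signed-Headers": ";".join(names),
            "X-CSRF-Signature": sign(key, headers, names, ts)}

def validate(key, received, now):
    """Server side: return 'ok' or the reason the signature is rejected."""
    try:
        ts = int(received["X-Timestamp"])
        names = received["X-Signed-Headers"].split(";")
        sig = received["X-CSRF-Signature"]
    except (KeyError, ValueError):
        return "malformed"
    if abs(now - ts) > MAX_SKEW:
        return "clock-skew"  # replay guard: old or future-dated signatures fail
    missing = [n for n in names if n not in received]
    if missing:
        return "header-stripped:" + ",".join(missing)
    if not hmac.compare_digest(sig, sign(key, received, names, ts)):
        return "bad-signature"
    return "ok"

# Constructed sample data: key, clock value and headers are illustrative only.
KEY = hashlib.sha256(b"constructed-sample-credential").digest()
NOW = 1_568_736_000
BASE = {"Host": "db.example.invalid", "Content-Type": "application/json",
        "X-Client-Trace": "abc123"}

def strip(request, name):
    """Model a proxy that silently drops one request header."""
    return {k: v for k, v in request.items() if k != name}

def demo():
    before = build_request(KEY, BASE, ["Host", "Content-Type", "X-Client-Trace"], NOW)
    after = build_request(KEY, BASE, ["Host", "Content-Type"], NOW)  # redundant header unsigned
    return {"direct": validate(KEY, before, NOW + 10),
            "via_proxy": validate(KEY, strip(before, "X-Client-Trace"), NOW + 10),
            "fixed_via_proxy": validate(KEY, strip(after, "X-Client-Trace"), NOW + 10),
            "slow_clock": validate(KEY, before, NOW + 301)}

if __name__ == "__main__":
    print(demo())
```

Returning a distinct reason for each rejection lets a log line separate a stripped header from a skewed clock, the two causes raised in this thread.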
  • Hello,

    Is this bug fixed? I am not able to log in. I did nothing fancy except enable the static IP in the firewall settings. I have deleted the firewall config, but still cannot log in. I got the same message that others are seeing.

    This is from Azure portal


    • Edited by denrama Friday, November 8, 2019 12:58 PM
    Friday, November 8, 2019 12:56 PM
  • I am following up with an internal team to find out. Thank you for letting us know this is still an issue.

    Regards,

    Mike

    Friday, November 8, 2019 11:33 PM
    Moderator
  • One way to address this is to change your connection mode from Proxy to Redirect. Please see the following: Change Azure SQL Database connection policy

    The issue hinges on a 3rd party proxy server that is handling your connectivity (corporate firewall) and is causing the exception. The solution is to change from Proxy mode to Redirect mode. 

    Please let me know if this resolves your issue, or not. 

    Thank you,

    Mike

    Saturday, November 9, 2019 12:41 AM
    Moderator