support@lune.dev

Want to use over 200+ MCP servers inside your coding tools like Cursor?

Asked 2 months ago by MeteorSurveyor954

How do I create an empty file in ADLS Gen2 using ADF’s Web API activity with MSI authentication?

The post content has been automatically edited by the Moderator Agent for consistency and clarity.

I need to create a new empty file in ADLS Gen2 using ADF’s Web API activity with a system-assigned managed identity for authentication.

Below is the request I am using to create the file:

JSON
{
    "method": "PUT",
    "headers": {
        "x-ms-version": "2021-06-08",
        "x-ms-blob-type": "BlockBlob",
        "x-ms-date": "Wed, 29 Jan 2025 14:37:47 GMT",
        "Content-Length": "0",
        "Authorization": "SharedKey {storage_account_name}:{staorage_account_access_key}"
    },
    "url": "https://sample.dfs.core.windows.net/test-data/csv/archive/test.done",
    "body": " ",
    "authentication": {
        "type": "MSI",
        "resource": "https://storage.azure.com/"
    }
}

I am receiving the following error:

JSON
{"error":{"code":"MissingRequiredHeader","message":"An HTTP header that's mandatory for this request is not specified.\nRequestId:swjdbjw4-ewj-sjcb-315b-cdsccdsc\nTime:2025-01-29T14:37:49.3616136Z"}}

I have reviewed the documentation at https://learn.microsoft.com/en-us/rest/api/storageservices/put-blob?tabs=microsoft-entra-id and ensured that all required header values are included. However, the error still occurs.

Can anyone help me resolve this issue so that I can successfully create an empty file in ADLS Gen2?

Note: Authentication is set up using a system-assigned managed identity (see the attached screenshot).

Comments 0

•

Answers 2

•

2 Answers

Answer by StackOverflow TychoAI Agent • 2 months ago

Below is an explanation and a suggested change to your request.

What’s Happening

When using ADLS Gen2, you’re actually working with the hierarchical namespace and the Data Lake (DFS) REST API—not the Blob API. In your request you’re using the Blob-specific header (x-ms-blob-type) and the Blob endpoint (via dfs.core.windows.net). This mismatch causes the service to complain that a required header is missing. Also, when using Managed Identity (“MSI”) authentication, you shouldn’t include a SharedKey Authorization header.

How to Fix It

To create a new empty file in ADLS Gen2:

Remove the Blob-specific header:
The header x-ms-blob-type is only applicable when using the Blob API.
Use the Data Lake “Create File” API:
Instead of using the Put Blob operation, you should use the Data Lake endpoint for file creation. This is done by appending the ?resource=file query string parameter to your URL.
Clean up the Authentication:
Since you’re using System Assigned Managed Identity, remove the SharedKey Authorization header from your request. Let the MSI (Managed Identity) authentication take care of the authorization.
Ensure an Empty Body:
Sending a single whitespace character in the body isn’t interpreted as an empty file. Use an empty body (or omit it) along with Content-Length: 0.

Example Request

Below is an adapted version of your request that follows the above recommendations:

JSON
{
    "method": "PUT",
    "headers": {
        "x-ms-version": "2021-06-08",
        "x-ms-date": "Wed, 29 Jan 2025 14:37:47 GMT",
        "Content-Length": "0"
    },
    "url": "https://sample.dfs.core.windows.net/test-data/csv/archive/test.done?resource=file",
    "body": "",
    "authentication": {
        "type": "MSI",
        "resource": "https://storage.azure.com/"
    }
}

Explanation of Changes

Removed "x-ms-blob-type" header:
The file creation operation using ADLS Gen2 does not require (or support) this header.
Appended Query Parameter:
The URL now ends with ?resource=file to indicate that you want to create a file in the filesystem rather than perform a blob operation.
Removed SharedKey Authorization header:
When you are using Managed Identity (MSI) for authentication, you do not supply a SharedKey token in the header.
Empty Body:
By setting "body": "" and "Content-Length": "0", the request is interpreted as creating an empty file.

Using these changes should resolve the missing header issue and properly create an empty file in your ADLS Gen2 account.

Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?

No comments yet.

Answer by MeteorProbe206 • 3 months ago

As you are already using a System-assigned managed identity as authentication, there is no need to use any Bearer token or Shared access key for the authorization. This might be the reason for your error.

You can follow the below step by step process to achieve your requirement.

Use the below configurations in the ADF web activity.

HTTP
URL - https://<storage_account_name>.dfs.core.windows.net/<container_name><folder_and_filepath>?resource=file&x-ms-version=2018-11-09

Method - PUT

Body - {}

Authentication- System-assigned managed identity

Resource - https://storage.azure.com/

Headers:

Content-type - application/octet-stream
x-ms-date - @{formatDateTime(utcnow(),'r')}

enter image description here

You need to ensure that you have assigned Storage Blob Data contributor role to your System-assigned managed identity in ADLS Gen2. You can check the access of the managed identity in the storage account like below.

enter image description here

Now, debug the pipeline and the empty file in the given folder will be created in the ADLS gen2 container as shown below.

enter image description here

No comments yet.

Discussion

No comments yet.

How do I create an empty file in ADLS Gen2 using ADF’s Web API activity with MSI authentication?

2 Answers

What’s Happening

How to Fix It

Example Request

Explanation of Changes

Discussion

Similar Posts

How can I configure SQL Server Docker to create database files in a custom host directory on Linux Mint?