Azure error madness

Dear Diary,

Recently, we’ve been building an application that utilizes the Azure Translation service to translate user documents. Once a document is uploaded to the application, it is stored in Azure Blob Storage. In the translation job, a link to the file is passed to the translator.

What could go wrong?

Everything seemed to be working well until some developers started getting an InvalidDocumentAccessLevel error, while others had no issues. The detailed error message reported: "Cannot access source document location with the current permissions."

Some errors are not what they seem to be.

We started investigating the permissions and access between the services. In the meantime, we discovered that a local hotfix was possible by generating a document URL with a SAS token (access token). That confirmed our suspicion that the issue was related to permissions.

What was the actual issue?

After some time, we noticed that files without spaces in their names were working fine. Diving deeper into this direction, it became clear that the issue was with file path encoding—the file name wasn’t being escaped to URL format, while elsewhere in the code, an escaped path was expected.

The result was a document path mismatch—pointing the service to a non-existing storage path (e.g., ../document 08.docx vs ../document%2008.docx). Due to security measures that prevent path guessing, Azure Storage reported a permissions error instead.