Cosmos DB通过未经授权的RESTful调用运行存储的查询. [英] Cosmos DB Run Stored Query through RESTful Call Unauthorized.
问题描述
我正在使用此代码生成令牌.我刚刚更改了令牌生成的示例代码,也将日期返回给了我,因为我必须在请求中发送该日期.
I'm using this code to generate my token. I've just barely changed the sample code for token generation to also return the date to me because I have to send that in the request.
var crypto = require("crypto");
var inputKey = "my-key-from-azure"; // Have tried both primary and secondary master keys from cosmos db
var today = new Date().toUTCString();
console.log(today);
console.log(getAuthorizationTokenUsingMasterKey("POST", "dbs", "dbs/ToDoList", today, inputKey));
function getAuthorizationTokenUsingMasterKey(verb, resourceType, resourceId, date, masterKey)
{
var key = new Buffer(masterKey, "base64");
var text = (verb || "").toLowerCase() + "\n" + (resourceType || "").toLowerCase() + "\n" + (resourceId || "") + "\n" +
date.toLowerCase() + "\n" + "" + "\n";
var body = new Buffer(text, "utf8");
var signature = crypto.createHmac("sha256", key).update(body).digest("base64"); var MasterToken = "master";
var TokenVersion = "1.0";
return encodeURIComponent("type=" + MasterToken + "&ver=" + TokenVersion + "&sig=" + signature);
}
这是请求标头.对于x-ms-date,我的数据库是在此之后(最新版本)创建的,因此我假定它使用的是该版本;我可以以某种方式验证吗?
Here are the request headers. For the x-ms-date, my DB was created after this, the latest version, so I assume it uses this version; can I verify this somehow?
{
Authorization: [my-auth-string],
x-ms-version: "2017-02-22",
x-ms-date: "Fri, 05 Oct 2018 19:06:17 GMT",
Content-Type: application/json
}
但是我收到一条错误消息,抱怨我的令牌的有效性.
But I'm getting back an error message that is complaining about the validity of my token.
{
"code": "Unauthorized",
"message": "The input authorization token can't serve the request. Please check that the expected payload is built as per the protocol, and check the key being used. Server used the following payload to sign: 'post\nsprocs\ndbs/metrics/colls/LoungeVisits/sprocs/calculateAverage\nfri, 05 oct 2018 19:06:17 gmt\n\n'\r\nActivityId: 41cd36af-ad0e-40c3-84c8-761ebd14bf6d, Microsoft.Azure.Documents.Common/2.1.0.0"
}
据我从文档中得知,有效负载是根据预期的协议构建的.
这些文档是:执行存储过程,通用请求标头,访问控制(我想不能链接到它们,因为我的帐户尚未通过验证).该请求是使用邮递员发送的,我将脚本生成的值直接复制到其中.做
有人知道我在做什么错吗?
The payload was built according to the expected protocol, as far as I can tell from the docs.
The docs are: Execute a stored procedure, Common Request Headers, Access Control (I can't link to them because my account isn't verified yet, I suppose). The request is sent using postman, and I'm copying the values my script generates directly into it. Does
anyone know what I am doing wrong?
推荐答案
Jaredad7,
Hi Jaredad7,
您要使用主密钥还是用户令牌?
Are you attempting to use the Master Key or the User Token?
此处包含原始海报的链接 :
Included links here for the original poster:
这篇关于Cosmos DB通过未经授权的RESTful调用运行存储的查询.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
