如何在Python中为Azure Blob存储SAS令牌生成签名? [英] How do you generate the signature for an Azure Blob storage SAS token in Python?
问题描述
My string to sign looks like:
r\n
2016-12-22T14%3A00%3A00Z\n
2016-12-22T15%3A00%3A00Z\n
%2Fblob%2Fmytest%2Fprivatefiles%2F1%2Fqux.txt\n
\n
\n
https\n
2015-12-11\n
\n
\n
\n
\n
_
为了清楚起见,我添加了换行符,最后一行应该是空行(末尾没有换行符).
I've added the newline symbols for clarity and the last line is supposed to be an empty line (with no newline at the end).
我用来对字符串进行签名的Python方法是:
The Python method I use for signing the string is:
def sign(self, string):
hashed = hmac.new(base64.b64decode(self.account_key), digestmod=sha256)
hashed.update(string)
base64_str = base64.encodestring(hashed.digest()).strip()
return base64_str
我构建的最终URL如下:
The final URL I build looks like:
Still, the URL fails with a 403. Any idea on what I am doing wrong?
推荐答案
Based on the documentation (Please see Constructing the Signature String section), the parameters passed to string to sign must be URL decoded. From the link:
要构造共享访问签名的签名字符串,请首先 从包含请求的字段中构造要签名的字符串, 然后将字符串编码为UTF-8,并使用 HMAC-SHA256算法. 请注意,符号字符串中包含的字段 必须使用网址解码.
To construct the signature string of a shared access signature, first construct the string-to-sign from the fields comprising the request, then encode the string as UTF-8 and compute the signature using the HMAC-SHA256 algorithm. Note that fields included in the string-to-sign must be URL-decoded.
请在字符串中使用未编码的参数值进行签名,这应该可以解决问题.
Please use un-encoded parameter values in your string to sign and that should fix the problem.
这篇关于如何在Python中为Azure Blob存储SAS令牌生成签名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
