使用访问密钥的REST Api至Azure Blob存储 [英] REST Api to Azure blob storage using Access key
问题描述
我们正尝试在不使用Azure SDK的情况下从天蓝色blob存储访问blob,
我们试图通过Azure REST API通过共享密钥进行访问,为此,我们需要生成Authorization标头,但是当我尝试根据访问密钥创建签名时,出现以下错误
服务器无法验证请求.请确保正确构成Authorization标头的值,包括签名."
在HTTP请求密钥哈希"中找到的MAC签名与任何计算出的签名都不相同"
需要帮助来生成正确的授权标头,我们已经遵循了文档
We are trying to access the blobs from azure blob storage without using the Azure SDK,
we are trying to access through the shared key by Azure REST API, for that we need to generate the Authorization header, but when I try to create a signature from the Access key I am getting the following error
"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature."
"The MAC signature found in the HTTP request 'key hash' is not the same as any computed signature"
Need help to generate proper authorization header, we have followed the documentation
https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
We have tried in postman as well, and we are getting the same error.
string signWithAccountKey(string stringToSign, string accountKey)
{
var hmacsha = new System.Security.Cryptography.HMACSHA256();
hmacsha.Key = Convert.FromBase64String(accountKey);
var signature = hmacsha.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
return Convert.ToBase64String(signature);
}
The MAC signature found in the HTTP request 'key hash' is not the same as any computed signature
I write the code below for List Blobs api. You can follow/modify my code and try to use other blobs api.
class Program
{
static void Main(string[] args)
{
ListBlobs();
Console.WriteLine("done");
Console.ReadLine();
}
static void ListBlobs()
{
string Account = "xxxx";
string Key = "xxxx";
string Container = "aa1";
string apiversion = "2018-03-28";
DateTime dt = DateTime.UtcNow;
string StringToSign = String.Format("GET\n"
+ "\n" // content encoding
+ "\n" // content language
+ "\n" // content length
+ "\n" // content md5
+ "\n" // content type
+ "\n" // date
+ "\n" // if modified since
+ "\n" // if match
+ "\n" // if none match
+ "\n" // if unmodified since
+ "\n" // range
+ "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:"+apiversion+"\n" // headers
+ "/{0}/{1}\ncomp:list\nrestype:container", Account, Container);
string auth = SignThis(StringToSign, Key, Account);
Console.WriteLine($"the date is: {dt.ToString("R")}");
Console.WriteLine($"the auth token is: {auth}");
Console.WriteLine("*********");
string method = "GET";
string urlPath = string.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list", Account, Container);
Uri uri = new Uri(urlPath);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
request.Method = method;
request.Headers.Add("x-ms-date", dt.ToString("R"));
request.Headers.Add("x-ms-version", apiversion);
request.Headers.Add("Authorization", auth);
Console.WriteLine("***list all the blobs in the specified container, in xml format***");
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
using (StreamReader reader = new StreamReader(response.GetResponseStream()))
{
Console.WriteLine(reader.ReadToEnd());
}
}
}
private static String SignThis(String StringToSign, string Key, string Account)
{
String signature = string.Empty;
byte[] unicodeKey = Convert.FromBase64String(Key);
using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
{
Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
}
String authorizationHeader = String.Format(
CultureInfo.InvariantCulture,
"{0} {1}:{2}",
"SharedKey",
Account,
signature);
return authorizationHeader;
}
}
Test result in visual studio, and in postman:
这篇关于使用访问密钥的REST Api至Azure Blob存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
