How to generate AWS S3 pre-signed URL using signature version 4


Question

I am generating a pre-signed URL in a C# .NET Core 2.0 API controller class using the AWSSDK.S3 (3.3.31.11). The resulting URL is intended to be used by a client side Angular application to upload a file to an S3 bucket that is encrypted using SSE-KMS. Although the S3Client reports that the SignatureMethod is "HmacSHA256" and SignatureVersion is "4", when I try to upload a file using the pre-signed URL I get an error indicating "Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4."

The S3Client is being injected as a dependency to the controller class. Instantiation of the object is managed by .NET Core DI framework using configuration settings in a config.json file:

{
    ...
    "AWS": {
        "Profile": "default",
        "Region": "us-east-1"
    }
    ...
}

I am testing the pre-signed URL using curl:

curl -H "Content-Type: application/pdf" -H "x-amz-server-side-encryption: aws:kms" -H "x-amz-server-side-encryption-aws-kms-key-id: {kms-key-id}" -k -T "filename.pdf" "https://mybucketname.s3.amazonaws.com/filename.pdf?AWSAccessKeyId={keyid}&Expires={expires}&x-amz-security-token={token}&Signature={signature}"

I've discovered that if I don't include the "Content-Type" header I receive a "SignatureDoesNotMatch" error code, rather than the "InvalidArgument" error.

This process had been working previously when using default AES-256 encryption for the S3 bucket; it is only in converting to SSE-KMS that I have encountered this problem.

// Controller Class
private readonly IAmazonS3 _s3Client;

public MyController(IAmazonS3 s3Client)
{
    _s3Client = s3Client;
}

[HttpPost]
public async Task<IActionResult> GetPreSignedUrl([FromBody] FileInfoDto fileInfo)
{
    ...
    GetPreSignedUrlRequest request = new GetPreSignedUrlRequest
    {
        BucketName = bucketName, 
        Key = fileInfo.name, 
        Verb = HttpVerb.PUT,
        ContentType = fileInfo.contentType, 
        Expires = DateTime.Now.AddMinutes(5),
        ServerSideEncryptionKeyManagementServiceKeyId = keyId, 
        ServerSideEncryptionMethod = ServerSideEncryptionMethod.AWSKMS
    };

    try
    {
        url = _s3Client.GetPreSignedURL(request);
    }
    ...
}

// Startup Class
public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddDefaultAWSOptions(_config.GetAWSOptions());
    services.AddAWSService<IAmazonS3>();
    ...
}

When uploading the file using curl and the pre-signed URL that was generated by the controller method, I am getting a response error code of "InvalidArgument" and message "Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4." However, the S3Client reports that SignatureVersion is "4".

What should I be doing differently in order to generate the pre-signed URL using signature version 4?

Recommended answer

Despite the fact that the s3Client reports Signature Version as "4", the following line, added to the ConfigureServices method, resolves the issue and results in generating a pre-signed URL conforming to Signature Version 4:

AWSConfigsS3.UseSignatureVersion4 = true;

The pre-signed URL that is generated is as follows:

https://mybucketname.s3.amazonaws.com/filename.pdf?X-Amz-Expires=1800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential={credential}/20190127/us-east-1/s3/aws4_request&X-Amz-Date={date}&X-Amz-SignedHeaders=content-type;host;x-amz-server-side-encryption&X-Amz-Signature={signature}
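
A guard that a test or the controller could run on the generated URL before handing it to the client, added here as an example and not part of the original answer or of AWSSDK.S3: it tells apart the two query-string shapes shown on this page and confirms that the headers the upload must send are listed in X-Amz-SignedHeaders. The class and method names are hypothetical, and the sample URLs are constructed with placeholder values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper (added example, not part of AWSSDK.S3).
public static class PresignedUrlCheck
{
    // Parse the query string into a case-insensitive name -> value map.
    private static Dictionary<string, string> ParseQuery(string url)
    {
        var map = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        var query = new Uri(url).Query.TrimStart('?');
        foreach (var pair in query.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            map[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        return map;
    }

    // Returns 4 for a SigV4 URL, 2 for a SigV2 URL, 0 if neither shape is recognised.
    public static int SignatureVersion(string url)
    {
        var q = ParseQuery(url);
        if (q.TryGetValue("X-Amz-Algorithm", out var alg) && alg == "AWS4-HMAC-SHA256"
            && q.ContainsKey("X-Amz-Signature")) return 4;
        if (q.ContainsKey("AWSAccessKeyId") && q.ContainsKey("Signature") && q.ContainsKey("Expires")) return 2;
        return 0;
    }

    // Throws unless the URL is SigV4 and every required header is covered by the signature.
    public static void RequireSigV4(string url, params string[] requiredSignedHeaders)
    {
        if (SignatureVersion(url) != 4)
            throw new InvalidOperationException("Pre-signed URL is not Signature Version 4.");
        ParseQuery(url).TryGetValue("X-Amz-SignedHeaders", out var list);
        var signed = (list ?? "").Split(';');
        var missing = requiredSignedHeaders.Where(h => !signed.Contains(h, StringComparer.OrdinalIgnoreCase)).ToList();
        if (missing.Count > 0)
            throw new InvalidOperationException("Headers not signed: " + string.Join(", ", missing));
    }

    public static void Main()
    {
        // Constructed samples shaped like the two URLs on this page; all values are placeholders.
        var v2 = "https://mybucketname.s3.amazonaws.com/filename.pdf?AWSAccessKeyId=KEYID&Expires=1548600000&x-amz-security-token=TOKEN&Signature=SIG";
        var v4 = "https://mybucketname.s3.amazonaws.com/filename.pdf?X-Amz-Expires=1800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=KEYID/20190127/us-east-1/s3/aws4_request&X-Amz-Date=20190127T000000Z&X-Amz-SignedHeaders=content-type;host;x-amz-server-side-encryption&X-Amz-Signature=SIG";
        Console.WriteLine("v2 sample: " + SignatureVersion(v2) + ", v4 sample: " + SignatureVersion(v4));
        RequireSigV4(v4, "content-type", "x-amz-server-side-encryption");
    }
}
```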
