如何获取Azure存储帐户密钥 [英] How to get Azure Storage Account Key

问题描述

我想使用C#将文件上传到自动生成的Azure存储帐户(作为Service Fabric资源组的一部分，具有已知名称).

I want to upload a file to an Azure Storage account that is automatically generated (As part of a Service Fabric resource group, with a known name), using C#.

我需要将文件上传为Blob，以使其可以公开使用.

I need to upload the file as a blob to allow it to be publicly available.

本教程使用.NET使用Azure Blob存储入门使用存储在App.config文件中的连接字符串. 由于我要使用要生成的存储帐户，因此无法使用这种方法.

The tutorial Get started with Azure Blob storage using .NET uses a connection string stored in the App.config file. Since I want to use the to-be-generated storage account, I can't use such a method.

首选方法是以某种方式使用用户的AD来获取存储帐户的密钥.

The prefered method is using the user's AD somehow in order to get the key of the storage account.

此链接:获取存储帐户密钥显示了如何用Rest请求来获取它，所以我想有一种使用C#代码来实现它的方法.

This link: Get Storage Account Key shows how to GET it with a Rest request, so I guess there is a way to do it using C# code.

在我看来，该解决方案正在使用StorageManagementClient

It seems to me, that the solution is using the StorageManagementClient class, which has a StorageAccounts property, though I could not find a way to authenticate it using AzureAd.

我尝试使用 AuthenticationContext.AcquireTokenAsync ，并获得令牌对于不同的资源，例如:https://management.azure.com/，但是在使用令牌时，出现以下错误:

I tried using AuthenticationContext.AcquireTokenAsync, and aquiring a token for diffenent resources, for instance: https://management.azure.com/, but when using the token, I get the following error:

Microsoft.WindowsAzure.CloudException: AuthenticationFailed: The JWT token does not contain expected audience uri 'https://management.core.windows.net/'.

使用资源https://management.core.windows.net/时，出现另一个错误:

When using the resource https://management.core.windows.net/ I get a different error:

Microsoft.WindowsAzure.CloudException: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

我应该使用不同的资源，不同的方法，还是不可能?

Is there a different resource I should use, different method, or maybe it's impossible?

推荐答案

要使用存储服务管理REST ，我们需要将资源指定为https://management.core.windows.net/而不是https://management.azure.com/.这是使用经典存储帐户来操作的.

To use the Storage Service Management REST, we need to specify the resource to https://management.core.windows.net/ instead of https://management.azure.com/. And this is using the operate the classic storage account.

https://management.azure.com/是 Azure REST服务的新端点.如果要处理新的存储帐户，则需要使用此资源.以下是使用新的Azure REST的示例供您参考:

The https://management.azure.com/ is the new endpoint for the Azure REST service. If you want to handle the new storage account, you need to use this resource. And below is a sample using the new Azure REST for your reference:

POST: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resrouceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}/listKeys?api-version=2016-01-01
Authorization: Bearer {token}

这篇关于如何获取Azure存储帐户密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！