Azure Blob存储-更改容器的权限并使用SAS访问 [英] Azure Blob Storage - Changing permissions of a container and accessing with SAS
问题描述
我有一个Azure Blob容器,其中包含一些斑点.使用以下代码成功创建了容器:
I have an Azure Blob container which contains a few blobs. The container was created (successfully) with the code:
if (container.CreateIfNotExists())
{
var permissions = container.GetPermissions();
permissions.PublicAccess = BlobContainerPublicAccessType.Off;
container.SetPermissions(permissions);
}
您会看到权限设置为私有(即PublicAccess为Off).
You'll see the permissions are set to private (i.e., PublicAccess is Off).
在我的代码的后半部分,我想使用SAS打开权限,到期时间为1 hour.为此,我正在使用代码:
In a later portion of my code, I would like to open the permissions using SAS, with an expiration of 1 hour. To attempt this, I am using the code:
if (container.Exists())
{
//Set the expiry time and permissions for the container.
//In this case no start time is specified, so the shared access signature becomes valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List;
//Generate the shared access signature on the container, setting the constraints directly on the signature.
string sasContainerToken = container.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
return container.Uri + sasContainerToken;
}
但是,无论如何调整形状,当我将浏览器导航到返回的网址(即container.Uri + sasContainerToken)时,都会收到验证错误:
However, no matter how I shape it, when I navigate my browser to the returned url (i.e., container.Uri + sasContainerToken), I get an authentication error:
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:d7f89ef3-919b-4b86-9b4f-4a95273c20ff Time:2014-06-26T15:33:11.2754096Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rl 2014-06-26T16:32:02Z /mycontainer/$root 2014-02-14
</AuthenticationErrorDetail>
</Error>
任何人都可以向我提供有关为什么我看到此身份验证错误的任何指示吗?
Can anyone give me any pointers as to why I am seeing this authentication error?
我的最终URL格式正确吗?:
My final url looks like it is in the correct format?:
https://myservice.blob.core.windows.net/mycontainer?sv=2014-02-14&sr=c&sig=0MSvKIRJnxWr2G%2Bh0mj%2BslbNtZM3VnjSF8KPhBKCPs8%3D&se=2014-06-26T16%3A32%3A02Z&sp=rl
我很茫然,所以任何指针都将不胜感激.
I'm at a loss so any pointers would be greatly appreciated.
推荐答案
我也遇到了完全相同的错误:).您不能使用共享访问签名执行与容器相关的操作(列出Blob除外).您将需要使用帐户密钥对容器执行操作.在此页上: http://msdn.microsoft.com/zh-CN/library/azure/jj721951.aspx
I also faced the exact same error :). You can't do container related operations (with the exception of listing blobs) using Shared Access Signature. You would need to use account key for performing operations on a container. From this page: http://msdn.microsoft.com/en-us/library/azure/jj721951.aspx
使用共享访问签名支持的操作包括:
Supported operations using shared access signatures include:
-
读写页面或块的blob内容,块列表,属性和元数据
Reading and writing page or block blob content, block lists, properties, and metadata
删除,租赁和创建Blob快照
Deleting, leasing, and creating a snapshot of a blob
列出容器中的斑点
更新
要列出Blob,只需在您的URL中添加 &comp=list&restype=container 即可.因此,您的网址应为:
For listing blobs, just add &comp=list&restype=container to your URL and that should do the trick. So your URL should be:
https://myservice.blob.core.windows.net/mycontainer?sv=2014-02-14&sr=c&sig=0MSvKIRJnxWr2G%2Bh0mj%2BslbNtZM3VnjSF8KPhBKCPs8%3D&se=2014-06-26T16%3A32%3A02Z&sp=rl&comp=list&restype=container
这篇关于Azure Blob存储-更改容器的权限并使用SAS访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
