如何生成pre-签署Amazon S3的网址为虚荣心域，使用Amazon SDK？ [英] How to generate pre-signed Amazon S3 url for a vanity domain, using amazon sdk?

问题描述

我有一个S3桶称为foo.example.com，这是所有CNAMEd正确。

I have an s3 bucket called foo.example.com, which is all CNAMEd correctly.

我切换到最新的AWS .NET SDK。

I'm switching to the latest AWS .net SDK.

我希望生成pre签署的网址，如：

I wish to generate pre signed url like:

http://foo.example.com/myfile.txt?s3_params_here

请注意虚荣的cname那里。

Note the vanity cname there.

我有：

string bucketName = "foo.example.com";

AmazonS3Client s3Client = new AmazonS3Client("bar", "xxx",
    new AmazonS3Config
    {
        ServiceURL = bucketName, 
        CommunicationProtocol = Protocol.HTTP
    });


string key = "myfile.txt";


GetPreSignedUrlRequest request = new GetPreSignedUrlRequest()
.WithBucketName(bucketName)
.WithKey(key)
.WithExpires(DateTime.Now.AddMinutes(5))
.WithProtocol(Protocol.HTTP);

string url = s3Client.GetPreSignedURL(request);

网址我得到的是这样的：

the url I get is something like:

<一个href="http://foo.example.com.foo.example.com/myfile.txt?AWSAccessKeyId=bar&Expires=1331069777&Signature=234KoUUvfE1nCcs2vLj9RQUhqF8%3D" rel="nofollow">http://foo.example.com.foo.example.com/myfile.txt?AWSAccessKeyId=bar&Expires=1331069777&Signature=234KoUUvfE1nCcs2vLj9RQUhqF8%3D

这显然是错误的。

我尝试过不同的变化与serviceURL中，bucketname等的布赫，但似乎没有任何工作。

I've tried a buch of different variations with ServiceURL, bucketname, etc, but nothing seems to work.

我找不到任何好的文档 - 是什么？这样做的正确方法

I can't find any good documentation - what is the correct way to do this?

感谢。

推荐答案

我同时解决了矿山的矛盾测试结果，分别从非系统性测试和URL操作而干。下面的解决方法的伎俩对我来说（即测试和可重复的），简单地从你的解决方案启动：

Update [workaround]

I've meanwhile resolved the contradicting test results of mine, which stem from respectively unsystematic testing and URL manipulations. The following workaround does the trick for me (i.e. tested and reproducible), simply starting from your solution:

string bucketName = "foo.example.com";

// [...]

GetPreSignedUrlRequest request = new GetPreSignedUrlRequest()
    .WithBucketName(bucketName)
    .WithKey(key)
    .WithExpires(DateTime.Now.AddMinutes(32))
    .WithProtocol(Protocol.HTTP);

现在这会产生错误的URL以一个重复的域名，如 http://foo.example.com.foo.example.com/myfile.txt？[...]

Now this yields the erroneous URL with a duplicate domain name, i.e. http://foo.example.com.foo.example.com/myfile.txt?[...]

该副本可以简单地删除，虽然，例如：

The duplicate can simply be removed though, e.g.:

string url = s3Client.GetPreSignedURL(request);

// KLUDGE: remove duplicate domain name.
url = url.Replace(bucketName + "." + bucketName, bucketName);

这产生一个合适的工作pre-标识的URL对我来说（即 http://foo.example.com/myfile.txt？[...] ）由围绕遇到限制关于如下所述的所需的工作方法

This yields a proper working pre-signed URL for me (i.e. http://foo.example.com/myfile.txt?[...]) by working around the encountered limitation regarding the desired approach outlined below.

处理生成的URL像这样看起来很奇怪，但没有查询字符串身份验证的效果是符合了这些签名被创建，请参阅<一href="http://docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth"相对=nofollow>查询字符串请求验证替代，在那里你会找到的伪语法，说明查询字符串要求的验证方法的：

Manipulating the generated URL like so seems odd, but this not having an effect on the query string authentication is in line with how these signatures are created, see Query String Request Authentication Alternative, where you'll find the pseudo-grammar that illustrates the query string request authentication method:

StringToSign = HTTP-VERB + "\n" +
    Content-MD5 + "\n" +
    Content-Type + "\n" +
    Expires + "\n" +
    CanonicalizedAmzHeaders +
    CanonicalizedResource;    

也就是说，域名不用于签名制作可言，对于资源本身，而只是信息;部分的实例查询字符串请求验证的正下方所引用的伪语法片段说明了这与实际的资源。

That is, the domain name isn't used for the signature creation at all, rather only information regarding the resource itself; section Example Query String Request Authentication right below the referenced pseudo-grammar fragment illustrates this with an actual resource.

我不知道是否还有我方的误解，还是这也可能只是在的 AWS SDK的.NET ，如见<一href="http://stackoverflow.com/questions/9051650/why-is-my-s3-$p$p-signed-request-invalid-when-i-set-a-response-header-override-th">Why就是当我设置一个包含响应头覆盖我的S3 pre-签名的请求无效，一个+了相关的bug通过了类似的解决方法解决为好，这也同时被固定，虽然？;因此，这应该有可能升级到AWS论坛和/或支持渠道来获得一个合适的答案或解决方案。

I don't know whether there is still a misunderstanding on our part or whether this might just be a bug in the AWS SDK for .NET, see e.g. Why is my S3 pre-signed request invalid when I set a response header override that contains a "+"? for a related bug resolved via a similar workaround as well, which has meanwhile been fixed though; accordingly, this should likely be escalated to the AWS forums and/or support channels to get an appropriate answer or solution.

祝你好运！

在S3 CNAME处理意味着桶的名字了，所以你需要做的是从获取preSignedUrlRequest 删除你的水桶的名字，也就是说，它应该像这样

The S3 CNAME handling implies the bucket name already, so all you need to do is removing your bucket name from GetPreSignedUrlRequest, i.e. it should look like so:

GetPreSignedUrlRequest request = new GetPreSignedUrlRequest()
    .WithKey(key)
    .WithExpires(DateTime.Now.AddMinutes(5))
    .WithProtocol(Protocol.HTTP);

<打击>我测试过这个与我一桶和它的作品如预期一样如此。

这篇关于如何生成pre-签署Amazon S3的网址为虚荣心域，使用Amazon SDK？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！