Azure存储SAS身份验证失败 [英] Azure Storage SAS AuthenticationFailed
问题描述
我有一个私有的azure存储容器,正在试用azure存储SAS,以便可以上载和下载文件.我能够生成签名,但是它总是抛出身份验证失败"错误
I have a private azure storage container and am trying out azure storage SAS, so that I can upload and download files. I am able to generate the signature, but it always throws me the Authentication Fail error
AuthenticationFailed服务器无法验证请求.确保Authorization标头的值格式正确,包括签名.RequestId:a9dce486-0001-0021-23f7-d8f6dc000000时间:2017-05-30T03:45:56.6617677Z签名不匹配.用于签名的字符串是r 2017-05-30T03:40:48Z 2017-05-30T03:55:48Z/blob/{myaccount}/{mycontainer}/11e1575f-d3ad-40cc-b1ce-32e24dc20324.jpg
AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:a9dce486-0001-0021-23f7-d8f6dc000000 Time:2017-05-30T03:45:56.6617677Z Signature did not match. String to sign used was r 2017-05-30T03:40:48Z 2017-05-30T03:55:48Z /blob/{myaccount}/{mycontainer}/11e1575f-d3ad-40cc-b1ce-32e24dc20324.jpg
2016-05-31
2016-05-31
这是我拥有的代码,该代码生成供我使用的签名,并返回完整的URI以访问文件.
This is the code I have which generates a signature for me to use, and returns the full URI to access the file.
var accountAndKey = new StorageCredentials("******", "*********************");
var storageAccount = new CloudStorageAccount(accountAndKey, true);
var sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5);
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(10);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("*****");
CloudBlockBlob blockBlob = container.GetBlockBlobReference("11e1575f-d3ad-40cc-b1ce-32e24dc20324.jpg");
var sasBlobToken = blockBlob.GetSharedAccessSignature(sasConstraints);
var sas = blockBlob.Uri + sasBlobToken;
return sas;
这是它生成的签名
?sv = 2016-05-31& sr = b& sig = 9fUwDWfdtUifv9iZXJKgILEM7Yx1uP3Ku0vrspjWyz8%3D& st = 2017-05-30T03%3A40%3A43Z& se = 2017-05-30T03%R <3A5/p>
?sv=2016-05-31&sr=b&sig=9fUwDWfdtUifv9iZXJKgILEM7Yx1uP3Ku0vrspjWyz8%3D&st=2017-05-30T03%3A40%3A43Z&se=2017-05-30T03%3A55%3A43Z&sp=r
我使用Azure门户生成签名,并且工作正常.我附加了它,并能够照常下载文件.这是它生成的签名
I used the Azure portal to generate the signature and it works fine. I append it and am able to download the file as usual. This is the signature it generates
?sv = 2016-05-31& ss = b& srt = sco& sp = r& se = 2017-05-30T03:57:25Z& st = 2017-05-30T03:52:25Z& spr =https& sig = JOnhkge0QWNdv8sXJjb5GazTo9c34KH1IvZBvcNgjHo%3D
?sv=2016-05-31&ss=b&srt=sco&sp=r&se=2017-05-30T03:57:25Z&st=2017-05-30T03:52:25Z&spr=https&sig=JOnhkge0QWNdv8sXJjb5GazTo9c34KH1IvZBvcNgjHo%3D
我高度怀疑它与时间戳有关.因为我可以看到从代码生成的内容和从门户生成的内容之间在时间戳上有所不同.
I highly suspect its an issue with the timestamp. Because I can see some differences in the timestamp between what I generate from the code, and what is generated from the portal.
任何想法都值得赞赏.谢谢.
Any ideas is much appreciated. Thanks.
编辑我更新了代码,将其添加了一天,直到到期,并删除了开始时间,这是现在的签名
EDIT I updated the code to add one day till expiry and removed the start time, this is the signature now
?sv = 2016-05-31& sr = b& sig = 73m3%2Bj%2BUsFk537vd8a7F%2BdpdON1Pg2RZ1IRynMH4zGA%3D& se = 2017-05-31T06%3A12%3A07Z& sp = r
?sv=2016-05-31&sr=b&sig=73m3%2Bj%2BUsFk537vd8a7F%2BdpdON1Pg2RZ1IRynMH4zGA%3D&se=2017-05-31T06%3A12%3A07Z&sp=r
但是它仍然不允许我下载文件.相同的错误消息.
but it still doesnt allow me to download the file. Same error message.
签名不匹配.用于签名的字符串是r 2017-05-31T06:12:07Z/blob/{MyAcc}/{My Container}/11e1575f-d3ad-40cc-b1ce-32e24dc20324.jpg 2016-05-31
Signature did not match. String to sign used was r 2017-05-31T06:12:07Z /blob/{MyAcc}/{My Container}/11e1575f-d3ad-40cc-b1ce-32e24dc20324.jpg 2016-05-31
推荐答案
我也无法使用代码重现该问题.这是一种无需使用GetSharedAccessSignature方法即可生成SAS的方法.请尝试一下,然后检查它是否可以在您身边使用.
I also can't reproduced the issue using the code. Here is a method which could generate SAS without using the GetSharedAccessSignature method. Please try it and check whether it can work on your side.
private static string GetSharedAccessSignature(
string accountName,
string accountkey,
string blobContainer,
string blobName,
DateTimeOffset sharedAccessStartTime,
DateTimeOffset sharedAccessExpiryTime)
{
var canonicalNameFormat = $"/blob/{accountName}/{blobContainer}/{blobName}";
var st = sharedAccessStartTime.UtcDateTime.ToString("yyyy-MM-ddTHH:mm:ssZ");
var se = sharedAccessExpiryTime.UtcDateTime.ToString("yyyy-MM-ddTHH:mm:ssZ");
var sasVersion = "2016-05-31";
string stringToSign = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}", new object[]
{
"r",
st,
se,
canonicalNameFormat,
string.Empty,
string.Empty,
string.Empty,
sasVersion,
string.Empty,
string.Empty,
string.Empty,
string.Empty,
string.Empty
});
var sas = GetHash(stringToSign, accountkey);
var credentials =
$"?sv={sasVersion}&sr=b&sig={UrlEncoder.Default.Encode(sas)}&st={UrlEncoder.Default.Encode(st)}&se={UrlEncoder.Default.Encode(se)}&sp=r";
string blobUri = $"https://{accountName}.blob.core.windows.net/{blobContainer}/{blobName}";
return blobUri + credentials;
}
private static string GetHash(string stringToSign, string key)
{
byte[] keyValue = Convert.FromBase64String(key);
using (HMACSHA256 hmac = new HMACSHA256(keyValue))
{
return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
}
}
这篇关于Azure存储SAS身份验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
