How to construct authorization header for Azure File share with shared key using PowerShell


Problem description


I am trying to get share stats from the Azure File share REST API with shared key as authentication, but can't seem to figure out the authorization header.

$storageAccount = 'XXXX'
$key = 'XXXXXXXX'
$resource = 'FileShare'

$sharedKey = [System.Convert]::FromBase64String($Key)
$date = [System.DateTime]::UtcNow.ToString("R")

$stringToSign = "GET`n`n`n`n`n`n`n`n`n`n`n`nx-ms-date:$date`nx-ms-type:file`nx-ms-version:2017-04-17`n/$storageAccount/$resource`nrestype:share"

$hasher = New-Object System.Security.Cryptography.HMACSHA256
$hasher.Key = $sharedKey

$signedSignature = [System.Convert]::ToBase64String($hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($stringToSign)))

$authHeader = "SharedKey ${StorageAccount}:$signedSignature"

$headers = @{"x-ms-date"=$date
             "x-ms-version"="2009-09-19"
             "Authorization"=$authHeader}
$URI = "https://$storageAccount.file.core.windows.net/FileShare?restype=share&comp=stats"

$sharestats = Invoke-RestMethod -method GET -Uri  $URI -Headers $headers


Getting following error


Invoke-RestMethod : AuthenticationFailedServer failed to authenticate the 
request. Make sure the value of Authorization header is formed correctly 
including the signature.
RequestId:775d1220-801a-0183-1c21-813f18000000
Time:2020-09-02T12:06:23.5857168ZThe MAC signature found in the HTTP request 
'ZIDwiCzzRcqJuIUbtGXUSC+jZ1tXgwnyZaIH12FXXXX=' is not the same as any computed 
signature. Server used following string to sign: 'GET
x-ms-date:Wed, 02 Sep 2020 12:06:23 GMT
x-ms-version:2009-09-19
/storageaccount/fileshare
comp:stats
restype:share'.
At line:30 char:15
+ ... harestats = Invoke-RestMethod -method GET -Uri  $URI -Headers $header ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:Htt 
   pWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShe 
   ll.Commands.InvokeRestMethodCommand

Reference : https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key and https://docs.microsoft.com/en-us/rest/api/storageservices/get-share-stats

Solution

According to the error message, you should remove "x-ms-type:file" and add comp:stats in the stringToSign.

For example

$storageAccount = "andyprivate"
$accesskey = "h4pP1fe76m8hdksFW3TvkO6hgw09Mjue7yJOnULPI/g2eU8LGJ+a6k6SrU6dUkOU77waZfU8CacyVMlTWAUA5A==";
$resource = 'share2'
$version="2017-04-17"

$date = [System.DateTime]::UtcNow.ToString("R",[Globalization.CultureInfo]::InvariantCulture)

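# String to sign: verb, 11 empty standard header fields, the x-ms-* headers that are sent,
# then the canonicalized resource with every query parameter (comp and restype) on its own line.
$stringToSign = "GET`n`n`n`n`n`n`n`n`n`n`n`n"+
           "x-ms-date:$date`nx-ms-version:$version`n" +
           "/$storageAccount/$resource`ncomp:stats`nrestype:share"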
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Convert]::FromBase64String($accesskey)
$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signature = [Convert]::ToBase64String($signature)

$headers=@{"x-ms-date"=$date;
           "x-ms-version"= $version;
           "Authorization"= "SharedKey $($storageAccount):$signature"
}
$URI = "https://$storageAccount.file.core.windows.net/$($resource)?restype=share&comp=stats"

$response = Invoke-RestMethod $URI -Method 'GET' -Headers $headers -UseBasicParsing

$response
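
The signature mismatch in the question came from a hand-written string to sign that no longer matched the request on the wire. As an added example (not part of the original question or answer), the following derives the string to sign from the same headers and URI that are sent. The helper names Get-FileStringToSign and Get-SharedKeyHeader, the account name and the all-zero key are constructed for illustration, and it assumes a bodyless GET in which each query parameter appears once.

```powershell
# Added example; Get-FileStringToSign and Get-SharedKeyHeader are hypothetical helper names.
function Get-FileStringToSign {
    param([string]$Method, [uri]$Uri, [hashtable]$Headers, [string]$Account)
    $ordinal = [StringComparer]::Ordinal
    # Canonicalized headers: only the x-ms-* headers actually sent, names lower-cased and sorted.
    $h = [System.Collections.Generic.SortedDictionary[string,string]]::new($ordinal)
    foreach ($name in $Headers.Keys) {
        if ($name -like 'x-ms-*') { $h[$name.ToLowerInvariant()] = "$($Headers[$name])".Trim() }
    }
    # Canonicalized resource: /account/path, then every query parameter
    # (lower-cased name, URL-decoded, sorted by name) as name:value on its own line.
    $q = [System.Collections.Generic.SortedDictionary[string,string]]::new($ordinal)
    foreach ($pair in ($Uri.Query.TrimStart('?') -split '&' | Where-Object { $_ })) {
        $name, $value = $pair -split '=', 2
        $name = [uri]::UnescapeDataString($name).ToLowerInvariant()
        $q[$name] = [uri]::UnescapeDataString("$value")
    }
    # Verb, then the 11 standard header fields, all empty for a bodyless GET.
    $lines = @($Method.ToUpperInvariant()) + (@('') * 11)
    $lines += $h.GetEnumerator() | ForEach-Object { "$($_.Key):$($_.Value)" }
    $lines += "/$Account$($Uri.AbsolutePath)"
    $lines += $q.GetEnumerator() | ForEach-Object { "$($_.Key):$($_.Value)" }
    $lines -join "`n"
}

function Get-SharedKeyHeader {
    param([string]$StringToSign, [string]$Account, [string]$Base64Key)
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($Base64Key)
    $sig = [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($StringToSign)))
    $hmac.Dispose()
    "SharedKey ${Account}:$sig"
}

# Constructed sample values: placeholder account and an all-zero 64-byte key, not real credentials.
$account = 'exampleaccount'
$key     = [Convert]::ToBase64String((New-Object byte[] 64))
$uri     = "https://$account.file.core.windows.net/share2?restype=share&comp=stats"
$headers = @{
    'x-ms-date'    = [DateTime]::UtcNow.ToString('R', [Globalization.CultureInfo]::InvariantCulture)
    'x-ms-version' = '2017-04-17'
}
$sts = Get-FileStringToSign -Method GET -Uri $uri -Headers $headers -Account $account
$headers['Authorization'] = Get-SharedKeyHeader -StringToSign $sts -Account $account -Base64Key $key
# Print with visible newlines to compare against "Server used following string to sign" in an error response.
$sts -replace "`n", '\n'
```

Because the x-ms-version value and the comp/restype parameters are read from `$headers` and `$uri`, the signed string cannot disagree with what Invoke-RestMethod sends when given the same two objects.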
