microsoft azure表身份验证stringtosign错误 [英] microsoft azure table authentication stringtosign error

问题描述

我对天蓝色表分页查询的 stringtosign 身份验证遇到问题.

I am having a problem with stringtosign authentication for azure table pagination query.

这是当前使用的 stringtosign im:

This is the current stringtosign im using :

GET\n\n\nFri, 05 Sep 2014 03:57:11 GMT\n/mystorageaccount/mytablename\nNextPartitionKey:1!20!UmFjZSBNZW1iZXJfNA--\nNextRowKey:1!12!TmFtZV85ODE-

此 stringtosign 身份验证是否有问题?其余标题与小提琴完全相同.

Is there anything wrong with this stringtosign authentication? The rest of the Headers are exactly the same as Fiddle.

示例

GET /mytablename?NextPartitionKey=1%2120%21UmFjZSBNZW1iZXJfNA--&NextRowKey=1%2112%21TmFtZV85ODE- HTTP/1.1
Host: mystorageaccount.table.core.windows.net
x-ms-version: 2014-02-14
x-ms-date: Fri, 05 Sep 2014 05:49:19 GMT
Authorization: SharedKey mystorageaccount:GD2w4pqsllzIOixNF/AfFqLkZhYzLpjK67a8OI7j6Go=
Accept: application/atom+xml
Accept-Charset: UTF-8
DataServiceVersion: 3.0;NetFx
MaxDataServiceVersion: 3.0;NetFx

我都读过了

• http://msdn.microsoft.com/library/azure/dd179428.aspx
• http://msdn.microsoft.com/en-us/library/azure/dd135718.aspx

Gaurav Mantri，你好

Hi Gaurav Mantri,

它仍然无法正常工作.我将在下面粘贴请求，我的stringtosign和响应:

It still did not work. I'll paste the request, my stringtosign and the response below:

GET /mytablename?NextPartitionKey=1%2120%21UmFjZSBNZW1iZXJfNA--&NextRowKey=1%2112%21TmFtZV85ODE- HTTP/1.1
Host: mystorageaccount.table.core.windows.net
x-ms-version: 2014-02-14
x-ms-date: Fri, 05 Sep 2014 07:05:12 GMT
Authorization: SharedKey mystorageaccount:HSYfO1Baadqcd4bQO5Q6uN1hrr2aXtLcQbFPkWgIXuw=
Accept: application/atom+xml
Accept-Charset: UTF-8
DataServiceVersion: 3.0;NetFx
MaxDataServiceVersion: 3.0;NetFx

要签名的字符串:

GET\n\n\nFri, 05 Sep 2014 07:05:12 GMT\n/mystorageaccount/mytablename\nnextpartitionkey:1!20!UmFjZSBNZW1iZXJfNA--\nnextrowkey:1!12!TmFtZV85ODE-

响应:

<?xml version=\"1.0\" encoding=\"utf-8\"?><m:error xmlns:m=\"http://schemas.microsoft.com/ado/2007/08/dataservices/metadata\"><m:code>AuthenticationFailed</m:code><m:message xml:lang=\"en-US\">Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:37272f11-0002-0014-5aa7-f7dd1c000000
Time:2014-09-05T07:05:09.5720897Z</m:message></m:error>

推荐答案

我有机会实际编写代码并进行尝试.基本上，当为表资源创建CanonicalizedResource字符串时，除了 comp querystring参数外，您不需要包括查询字符串参数.本质上，这是您需要从文档中遵循的内容( http://msdn.microsoft.com/library/azure/dd179428.aspx ):

I had an opportunity to actually write the code and try it out. Basically when creating CanonicalizedResource string for table resources, you need not include the query string parameters other than comp querystring parameter. Essentially this is what you would need to follow from the documentation (http://msdn.microsoft.com/library/azure/dd179428.aspx):

2009-09-19共享的密钥精简版和表格服务格式

此格式支持所有版本的共享密钥和共享密钥精简版表服务，以及适用于2009-09-19版本的Shared Key Lite的Blob和队列服务，以及文件服务的2014-02-14.此格式与以前版本的存储服务.在此构造CanonicalizedResource字符串格式如下:

This format supports Shared Key and Shared Key Lite for all versions of the Table service, and Shared Key Lite for the 2009-09-19 version of the Blob and Queue services and 2014-02-14 of the File service. This format is identical to that used with previous versions of the storage services. Construct the CanonicalizedResource string in this format as follows:

1. 以空字符串(")开头，附加正斜杠(/)，后跟拥有资源的帐户名称已访问.
2. 附加资源的编码URI路径.如果请求URI解决了资源的一部分，请附加适当的查询细绳.查询字符串应包含问号和comp参数(例如，?comp = metadata).不应有其他参数包含在查询字符串中.

执行完该操作后，您的代码应该运行良好.这是我编写的示例代码:

Once you do that, your code should run just fine. Here's the sample code I wrote:

    static void QueryTable()
    {
        var requestMethod = "GET";
        var storageServiceVersion = "2014-02-14";
        var date = DateTime.UtcNow.ToString("R");
        var canonicalizedResource = string.Format("/{0}/{1}", StorageAccount, TableName);
        var stringToSign = string.Format("{0}\n\n\n{1}\n{2}", requestMethod, date, canonicalizedResource);
        var authorizationHeader = GetAuthorizationHeader(stringToSign);
        using (var httpClient = new HttpClient())
        {
            httpClient.BaseAddress = new Uri(TableEndpoint);
            httpClient.DefaultRequestHeaders.Clear();
            httpClient.DefaultRequestHeaders.Add("x-ms-date", date);
            httpClient.DefaultRequestHeaders.Add("x-ms-version", storageServiceVersion);
            httpClient.DefaultRequestHeaders.Add("Authorization", authorizationHeader);

            var result = httpClient.GetAsync(TableName + "?NextPartitionKey=1!48!VXwzMzg0MDAzOWYzMjQ0ZDgxOWZjZmM5M2EyMzNkM2IxOA--&NextRowKey=1!0!");
            result.Wait();
        }
    }

    static string GetAuthorizationHeader(string canonicalizedString)
    {
        var signature = string.Empty;
        using (var hash = new HMACSHA256(Convert.FromBase64String(StorageAccountKey)))
        {
            var data = Encoding.UTF8.GetBytes(canonicalizedString);
            signature = Convert.ToBase64String(hash.ComputeHash(data));
        }

        return string.Format(CultureInfo.InvariantCulture, "{0} {1}:{2}", "SharedKey", StorageAccount, signature);
    }

基于此处的文档: http://msdn.microsoft.com/library/azure/dd179428.aspx (2009-09-19共享密钥格式部分，第4点)，您需要将所有查询参数转换为小写.因此，您的规范化资源字符串应为:

Based on the documentation here: http://msdn.microsoft.com/library/azure/dd179428.aspx (2009-09-19 Shared Key Format Section, point #4), you would need to convert all query parameters to lowercase. So your canonicalized resource string should be:

GET\n\n\nFri, 05 Sep 2014 03:57:11 GMT\n/mystorageaccount/mytablename\nnextpartitionkey:1!20!UmFjZSBNZW1iZXJfNA--\nnextrowkey:1!12!TmFtZV85ODE- 

尝试一下.那应该解决问题.

Give it a try. That should take care of the problem.

这篇关于microsoft azure表身份验证stringtosign错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！