如何使用SharedAccessSignature访问斑点 [英] How to use SharedAccessSignature to access blobs

问题描述

我试图访​​问存储在Windows Azure中的私营集装箱一滴。该容器具有共享访问签名，但是当我尝试
访问BLOB，我收到了StorgeClientException服务器无法进行身份验证的要求。确保形成Authorization头
正确包括签名。

I am trying to access a blob stored in a private container in Windows Azure. The container has a Shared Access Signature but when I try to access the blob I get a StorgeClientException "Server failed to authenticate the request. Make sure the Authorization header is formed correctly including the signature".

在code创建容器和上载的斑点看起来是这样的：

The code that created the container and uploaded the blob looks like this:

// create the container, set a Shared Access Signature, and share it 

// first this to do is to create the connnection to the storage account
// this should be in app.config but as this isa test it will just be implemented
// here: 
// add a reference to Microsoft.WindowsAzure.StorageClient 
// and Microsoft.WindowsAzure.StorageClient set up the objects
//storageAccount = CloudStorageAccount.DevelopmentStorageAccount;

storageAccount = CloudStorageAccount.Parse(ConfigurationManager.AppSettings["ConnectionString"]);
blobClient = storageAccount.CreateCloudBlobClient();

// get a reference tot he container for the shared access signature
container = blobClient.GetContainerReference("blobcontainer");
container.CreateIfNotExist();

// now create the permissions policy to use and a public access setting
var permissions = container.GetPermissions();
permissions.SharedAccessPolicies.Remove("accesspolicy");
permissions.SharedAccessPolicies.Add("accesspolicy", new SharedAccessPolicy
                                                               {
                                                                   // this policy is live immediately
                                                                   // if the policy should be delatyed then use:
                                                                   //SharedAccessStartTime = DateTime.Now.Add(T); where T is some timespan
                                                                   SharedAccessExpiryTime =
                                                                       DateTime.UtcNow.AddYears(2),
                                                                   Permissions =
                                                                       SharedAccessPermissions.Read | SharedAccessPermissions.Write
                                                               });

// turn off public access
permissions.PublicAccess = BlobContainerPublicAccessType.Off;

// set the permission on the ocntianer
container.SetPermissions(permissions);

 var sas = container.GetSharedAccessSignature(new SharedAccessPolicy(), "accesspolicy");


StorageCredentialsSharedAccessSignature credentials = new StorageCredentialsSharedAccessSignature(sas);
CloudBlobClient client = new CloudBlobClient(storageAccount.BlobEndpoint,
                                             new StorageCredentialsSharedAccessSignature(sas));

CloudBlob sasblob = client.GetBlobReference("blobcontainer/someblob.txt");
sasblob.UploadText("I want to read this text via a rest call");

// write the SAS to file so I can use it later in other apps
using (var writer = new StreamWriter(@"C:\policy.txt"))
{
    writer.WriteLine(container.GetSharedAccessSignature(new SharedAccessPolicy(), "securedblobpolicy"));
}

在code我一直在尝试使用读取斑点看起来是这样的：

The code I have been trying to use to read the blob looks like this:

// the storace credentials shared access signature is copied directly from the text file "c:\policy.txt"
CloudBlobClient client = new CloudBlobClient("https://my.azurestorage.windows.net/", new StorageCredentialsSharedAccessSignature("?sr=c&si=accesspolicy&sig=0PMoXpht2TF1Jr0uYPfUQnLaPMiXrqegmjYzeg69%2FCI%3D"));

CloudBlob blob = client.GetBlobReference("blobcontainer/someblob.txt");

Console.WriteLine(blob.DownloadText());
Console.ReadLine();

我可以通过添加帐户凭据作出上述工作，但，这正是我想避免的。我不想要的东西
我的帐户凭据敏感只是坐在那里，我对如何获得签名改成客户端应用程序，而无需帐户凭据不知道。

I can make the above work by adding the account credentials but that is exactly what I'm trying to avoid. I do not want something as sensitive as my account credentials just sitting out there and I have no idea on how to get the signature into the client app without having the account credentials.

任何帮助是极大AP preciated。

Any help is greatly appreciated.

推荐答案

为什么这样？

writer.WriteLine（container.GetSharedAccessSignature（新SharedAccessPolicy（），securedblobpolicy））;

writer.WriteLine(container.GetSharedAccessSignature(new SharedAccessPolicy(), "securedblobpolicy"));

和不写你已经创建了SAS字符串？

and not writing the "sas" string you already created?

这晚，我可以很容易地失去了一些东西，但似乎你可能不会保存您使用写在首位的文件相同的访问签名。

It's late and I could easily be missing something but it seems that you might not be saving the same access signature that you're using to write the file in the first place.

也说不定这里不相关，但我相信这是你可以有容器范围的政策的数量限制。你每一次上传多个文件与此code相同的容器和创造一个新的容器SAS？

Also perhaps not relevant here but I believe there is a limit on the number of container-wide policies you can have. Are you uploading multiple files to the same container with this code and creating a new container sas each time?

在一般我认为这将是更好的要求SAS在你用短到期时间需要它的时候一个单独的一滴。

In general I think it would be better to request a sas for an individual blob at the time you need it with a short expiry time.

这篇关于如何使用SharedAccessSignature访问斑点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！