Azure, access denied on Shared Access Signature for Storage 2.0


Problem description


I'm having trouble getting shared access signatures to work with Storage 2.0.

I use the code:

if (blob.Exists())
{
    var expires = DateTime.UtcNow.AddMinutes(30);
    var sas = blob.GetSharedAccessSignature(new Microsoft.WindowsAzure.Storage.Blob.SharedAccessBlobPolicy
    {
        Permissions = Microsoft.WindowsAzure.Storage.Blob.SharedAccessBlobPermissions.Read,
        SharedAccessExpiryTime = expires
    });
    url = string.Concat(blob.Uri.AbsoluteUri, sas);
}
return url;

But if I debug the session and paste the URL into a browser, I get an error:

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:c1a1dd2b-bf4a-4a6b-bab2-ab1cb9363d27 Time:2012-11-19T14:41:51.1254531Z
  </Message>
  <AuthenticationErrorDetail>
Signature did not match. String to sign used was r 2012-11-19T15:11:36Z /container/path/1356/pic.jpg 2012-02-12
  </AuthenticationErrorDetail>
</Error>

Can anybody help?

UPDATE: A resulting URL looks like: https://storageaccountname.blob.core.windows.net/container/path/1356/pic.jpg?sv=2012-02-12&se=2012-11-19T19%3A25%3A32Z&sr=b&sp=r&sig=s6QIdwAGY4xC8fs4L9pK8hAGIY%2F8x58aqBcFbejYPdM%3D

Solution

I am getting the same error. This code used to work before I updated to 2.0:

var sharedAccessPolicy = new SharedAccessBlobPolicy
{
  SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-10),
  SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(30),
  Permissions = SharedAccessBlobPermissions.Read
};
var sharedAccessSignature = _blockblob.GetSharedAccessSignature(sharedAccessPolicy);
return _blockblob.Uri.AbsoluteUri + sharedAccessSignature;

I get the uri:

http://127.0.0.1:10000/devstoreaccount1/original/c04d2a1c-980b-42c5-b76e-b71185f027b6.jpg?sv=2012-02-12&st=2012-11-20T08%3A30%3A24Z&se=2012-11-20T09%3A10%3A24Z&sr=b&sp=r&sig=9%2BVg6mSGqyrfr5rPlNJ6GSv%2BHN3J9k%2FWFRLYmx3xCvQ%3D

UPDATE, SOLVED:

In my code above I have _blockBlob. This was set in the constructor with

var blobClient = account.CreateCloudBlobClient();
var container = blobClient.GetContainerReference(containerName);
CloudBlockBlob _blockblob = container.GetBlockBlobReference(fileName);

Changing the last line (as suggested by clausndk) to

ICloudBlob _test = container.GetBlobReferenceFromServer(fileName);

solves the problem since the call to GetSharedAccessSignature on _test results in a different (valid) signature.

Looking at the source code for Azure storage and using the debugger on my application I have found the cause of the problem. In my code I have containerName with a trailing slash (original/). This is not a problem except when it comes to GetSharedAccessSignature. Here the extra slash messes up the canonicalName (one slash is added in the code giving double slashes) and this invalidates the signature. The reason GetBlobReferenceFromServer works is that it asks the servers (via REST API) for the blob and the resulting CloudBlockBlob has the slash removed.

In my code I have removed the trailing slash but Sandrino Di Mattia's solution to use .Trim('/') on the container name also works. I think this is preferred over using GetBlobReferenceFromServer as it would cause an extra server call.

Hopefully the implementation of GetCanonicalName in CloudBlockBlobBase will be changed to handle trailing slashes in the future (I have created an issue on GitHub for this) but for now this "workaround" works.
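
The mismatch described in this answer, reproduced without the storage library, as an added example that is not part of the original post or of the Azure SDK. Assumptions: the key, blob name and the `CanonicalName` helper are constructed for illustration, and the string-to-sign layout follows the field order echoed in the error message above (permissions, start, expiry, resource, identifier, version).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SasCanonicalNameDemo
{
    // Constructed demo key; a real SAS is signed with the storage account key.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    // Hypothetical stand-in for the client-side canonical name: the parts are
    // joined with "/", so a container name ending in "/" yields "//".
    static string CanonicalName(string account, string container, string blob)
    {
        return "/" + account + "/" + container + "/" + blob;
    }

    // Assumed string-to-sign layout: permissions, start, expiry, canonical
    // resource, policy identifier (empty here), version, separated by "\n".
    static string Sign(string permissions, string start, string expiry, string resource)
    {
        string stringToSign = string.Join("\n", permissions, start, expiry, resource, "", "2012-02-12");
        using (var hmac = new HMACSHA256(Key))
        {
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
        }
    }

    static void Main()
    {
        const string account = "devstoreaccount1";
        const string blob = "photo.jpg";                 // constructed blob name
        const string start = "2012-11-20T08:30:24Z";
        const string expiry = "2012-11-20T09:10:24Z";

        // The service recomputes the signature from the resource in the
        // request URL, which carries a single slash after the container.
        string serverSig = Sign("r", start, expiry, CanonicalName(account, "original", blob));

        // Same policy, signed once with the raw container name and once trimmed.
        foreach (string containerName in new[] { "original/", "original/".Trim('/') })
        {
            string resource = CanonicalName(account, containerName, blob);
            string clientSig = Sign("r", start, expiry, resource);
            Console.WriteLine("{0,-12} {1,-40} match={2}",
                "'" + containerName + "'", resource, clientSig == serverSig);
        }
    }
}
```

Only the trimmed container name produces a signature equal to the one computed over the single-slash resource, which is why the URL looks correct while the service still answers AuthenticationFailed.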
