Azure SAS 令牌无法与 Azure.Storage.Blobs BlobServiceClient 一起使用
Azure SAS Token not working with Azure.Storage.Blobs BlobServiceClient
我正在使用 Azure.Storage.Blobs v12.1.0 库。我正在使用用户委托和 Azure 服务主体凭据生成一个 Blob 级 SAS 令牌,并尝试使用生成的 SAS 令牌上传一个 blob。
我完全按照 Azure 中的 this code 示例来生成 SAS 令牌。
这是我用来创建 SAS 令牌的代码:
string blobEndpoint = string.Format("https://{0}.blob.core.windows.net", storageProviderSettings.AccountName);
TokenCredential credential =
new ClientSecretCredential(
storageProviderSettings.TenantId,
storageProviderSettings.ClientId,
storageProviderSettings.ClientSecret,
new TokenCredentialOptions());
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri(blobEndpoint),
credential);
BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
BlobClient blobClient = containerClient.GetBlobClient(blobName);
var delegationKey = await blobServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7));
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = containerName,
BlobName = blobName,
Resource = "b",
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddSeconds(expirySeconds)
};
sasBuilder.SetPermissions(BlobSasPermissions.All);
// if (withDownloadAccess) {
// sasBuilder.SetPermissions(BlobSasPermissions.Read);
// }
// if (withDeleteAccess) {
// sasBuilder.SetPermissions(BlobSasPermissions.Delete);
// }
Console.WriteLine(sasBuilder.Permissions);
var sasQueryParams = sasBuilder.ToSasQueryParameters(delegationKey, storageProviderSettings.AccountName).ToString();
UriBuilder sasUri = new UriBuilder()
{
Scheme = "https",
Host = string.Format("{0}.blob.core.windows.net", storageProviderSettings.AccountName),
Path = string.Format("{0}/{1}", containerName, blobName),
Query = sasQueryParams
};
BlobServiceClient service = new BlobServiceClient(sasUri.Uri);
await service.GetPropertiesAsync();
Settings tmpUploadCredentials = CreateTemporaryAzureStorageProviderSettings(sasUri, storageProviderSettings);
Console.WriteLine(tmpUploadCredentials.ConnectionString);
return tmpUploadCredentials;
SAS 令牌已创建,如果我将其保存在浏览器中,则 Get Blob 工作正常,但如果我尝试上传文件或执行它现在正在运行的任何操作,则使用 BlobServiceClient。
为了检查它是否经过身份验证,我写了这一行 await service.GetPropertiesAsync();,它抛出了以下错误:
任何帮助将不胜感激。
根据我的测试,service.GetPropertiesAsync();是账号上的一个动作。这意味着它将调用 Get Blob Service Properties rest api to get the properties of the account's blob service. However, when you create BlobServiceClient, you provide the blob url. The blob do not support the action. So you will get the error. It will want to to get the properties of a blob, please call the api。因此,请将您的代码更新为以下代码
BlobClient blobClient = new BlobClient(sasUri, null);
blobClient.GetPropertiesAsync();
我正在使用 Azure.Storage.Blobs v12.1.0 库。我正在使用用户委托和 Azure 服务主体凭据生成一个 Blob 级 SAS 令牌,并尝试使用生成的 SAS 令牌上传一个 blob。
我完全按照 Azure 中的 this code 示例来生成 SAS 令牌。
这是我用来创建 SAS 令牌的代码:
string blobEndpoint = string.Format("https://{0}.blob.core.windows.net", storageProviderSettings.AccountName);
TokenCredential credential =
new ClientSecretCredential(
storageProviderSettings.TenantId,
storageProviderSettings.ClientId,
storageProviderSettings.ClientSecret,
new TokenCredentialOptions());
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri(blobEndpoint),
credential);
BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
BlobClient blobClient = containerClient.GetBlobClient(blobName);
var delegationKey = await blobServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7));
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = containerName,
BlobName = blobName,
Resource = "b",
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddSeconds(expirySeconds)
};
sasBuilder.SetPermissions(BlobSasPermissions.All);
// if (withDownloadAccess) {
// sasBuilder.SetPermissions(BlobSasPermissions.Read);
// }
// if (withDeleteAccess) {
// sasBuilder.SetPermissions(BlobSasPermissions.Delete);
// }
Console.WriteLine(sasBuilder.Permissions);
var sasQueryParams = sasBuilder.ToSasQueryParameters(delegationKey, storageProviderSettings.AccountName).ToString();
UriBuilder sasUri = new UriBuilder()
{
Scheme = "https",
Host = string.Format("{0}.blob.core.windows.net", storageProviderSettings.AccountName),
Path = string.Format("{0}/{1}", containerName, blobName),
Query = sasQueryParams
};
BlobServiceClient service = new BlobServiceClient(sasUri.Uri);
await service.GetPropertiesAsync();
Settings tmpUploadCredentials = CreateTemporaryAzureStorageProviderSettings(sasUri, storageProviderSettings);
Console.WriteLine(tmpUploadCredentials.ConnectionString);
return tmpUploadCredentials;
SAS 令牌已创建,如果我将其保存在浏览器中,则 Get Blob 工作正常,但如果我尝试上传文件或执行它现在正在运行的任何操作,则使用 BlobServiceClient。
为了检查它是否经过身份验证,我写了这一行 await service.GetPropertiesAsync();,它抛出了以下错误:
任何帮助将不胜感激。
根据我的测试,service.GetPropertiesAsync();是账号上的一个动作。这意味着它将调用 Get Blob Service Properties rest api to get the properties of the account's blob service. However, when you create BlobServiceClient, you provide the blob url. The blob do not support the action. So you will get the error. It will want to to get the properties of a blob, please call the api。因此,请将您的代码更新为以下代码
BlobClient blobClient = new BlobClient(sasUri, null);
blobClient.GetPropertiesAsync();