向 Azure Blob 存储发出 GET 请求时授权失败 [REST API][Azure Blob 存储]

Question

我正在尝试发出 GET 请求以获取我的 Azure Blob 存储帐户的帐户详细信息，但每次都显示 Auth 失败。谁能告诉我形成的 Header 或签名字符串是否正确或是否存在其他问题？

代码如下：

const account = process.env.ACCOUNT_NAME || "";
const key = process.env.ACCOUNT_KEY || "";

var strTime = new Date().toUTCString();
var strToSign =
  "GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:" +
  strTime +
  `\nx-ms-version:2018-03-28\n/${account}/\ncomp:properties\nrestype:account`;
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = `SharedKey ${account}:${hashInBase64}`;

const options = {
  url: `https://${account}.blob.core.windows.net/?comp=properties&restype=account`,

  headers: {
    Authorization: auth,
    "x-ms-date": strTime,
    "x-ms-version": "2018-03-28",
  },
};

function callback(error, response, body) {
  var json = parser.toJson(body);
  console.log(error);
  console.log(response);
  if (!error && response.statusCode == 200) {
    var json = parser.toJson(body);
    console.log(json);
  }
}

request(options, callback);

在此之后，我得到的 response.statusCode 是状态 403。

statusCode: 403,
statusMessage: 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.',

有关 azure-blob 和 headers 以及 Auth 的详细信息可以在这里找到： https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

https://docs.microsoft.com/en-us/rest/api/storageservices/get-account-information

编辑： 字符串参数 = 已更正为 :

Answer 1

向 Azure Blob 存储发出请求会更容易using Azure Storage JS SDK。如果您想获取您的存储帐户信息，只需尝试以下代码：

const { BlobServiceClient, StorageSharedKeyCredential } = require("@azure/storage-blob");

const account = '<storage account name>'
const accountKey = '<storage account key>'

const sharedKeyCredential = new StorageSharedKeyCredential(account, accountKey);

const blobServiceClient = new BlobServiceClient(
    `https://${account}.blob.core.windows.net`,
    sharedKeyCredential
);

blobServiceClient.getAccountInfo().then((result)=>{
    console.log("accountKind:"+result.accountKind + " skuName:" + result.skuName + " version:" + result.version );
})

结果：

更新：

如果您想以更通用的方式尝试，请尝试以下代码：

var CryptoJS = require("crypto-js");
var request = require("request");
var parser = require('body-parser')

const account = ''
const key = ''

var strTime = new Date().toUTCString();
var strToSign =
  "GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:" +
  strTime +
  `\nx-ms-version:2018-03-28\n/${account}/\ncomp:properties\nrestype:account`;

  //console.log(strToSign);
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = `SharedKey ${account}:${hashInBase64}`;

const options = {
  url: `https://${account}.blob.core.windows.net/?comp=properties&restype=account`,

  headers: {
    Authorization: auth,
    "x-ms-date": strTime,
    "x-ms-version": "2018-03-28",
  },
};

function callback(error, response, body) {
 
  console.log(body);
  if (!error && response.statusCode == 200) {
    
    console.log(response.headers["x-ms-sku-name"]);
  }
}

request(options, callback);

结果：

似乎您应该在 strToSign 的最后一个参数中使用 : 而不是 = 。

向 Azure Blob 存储发出 GET 请求时授权失败 [REST API][Azure Blob 存储]

Authorization Failed while making GET Request to Azure Blob Storage [REST API][Azure Blob Storage]

javascript

azure

node.js

azure-blob-storage

azure-authentication