Azure 存储帐户生成 SAS 令牌,而不是 SAS URI
Azure Storage Account generate SAS Token, not an SAS URI
我正在使用 Azure.Storage.Blob
库生成 SasToken,但我得到的是 Sas Uri。我在网上和 docs.
中查找示例
我尝试自己生成令牌,但没有成功。我什至尝试创建一个 SharedKeyLite,但也没有用。
我的 SharedKeyLite 代码:
var stringToSign = $"{DateTimeOffset.UtcNow.ToString("R", CultureInfo.InvariantCulture)}\n${canonicalizedResource}";
var hmac = new HMACSHA256(Convert.FromBase64String(storageAccountKey));
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
return Convert.ToBase64String(hash);
我的要求:
URI: https://<myAccount>.blob.core.windows.net/<pathToFile>
# Headers
Authorization: SharedKeyLite <myAccount>:<keyFromAbove>
x-ms-date: date
x-ms-version: 2014-02-14
错误:
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
为什么 Azure.Storage.Blob
不生成 SAS 令牌?
使用 Azure CLI 从存储帐户获取 SAS 令牌。
az storage blob generate-sas \ --account-name {Storage Account name} \
--container-name {container name} \--name {blob name} \--permissions
{permissions to grant} \--expiry {datetime to expire the SAS token} \
--services {storage services the SAS allows} \--resource-types {resource types the SAS allows}
示例:
CONNECTION_STRING=<connection-string> az storage blob generate-sas \
--account-name MyStorageAccount \ --container-name MyContainer \
--name MyBlob \ --permissions racdw \ --expiry 2020-06-15
有关详细信息,请参阅此 link
另一种生成SAS Token的方法
private static string GetSharedAccessSignature(
string accountName,
string accountkey,
string blobContainer,
string blobName,
DateTimeOffset sharedAccessStartTime,
DateTimeOffset sharedAccessExpiryTime)
{
var canonicalNameFormat = $"/blob/{accountName}/{blobContainer}/{blobName}";
var st = sharedAccessStartTime.UtcDateTime.ToString("yyyy-MM-ddTHH:mm:ssZ");
var se = sharedAccessExpiryTime.UtcDateTime.ToString("yyyy-MM-ddTHH:mm:ssZ");
var sasVersion = "2016-05-31";
string stringToSign = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}", new object[]
{
"r",
st,
se,
canonicalNameFormat,
string.Empty,
string.Empty,
string.Empty,
sasVersion,
string.Empty,
string.Empty,
string.Empty,
string.Empty,
string.Empty
});
var sas = GetHash(stringToSign, accountkey);
var credentials =
$"?sv={sasVersion}&sr=b&sig={UrlEncoder.Default.Encode(sas)}&st={UrlEncoder.Default.Encode(st)}&se={UrlEncoder.Default.Encode(se)}&sp=r";
string blobUri = $"https://{accountName}.blob.core.windows.net/{blobContainer}/{blobName}";
return blobUri + credentials;
}
private static string GetHash(string stringToSign, string key)
{
byte[] keyValue = Convert.FromBase64String(key);
using (HMACSHA256 hmac = new HMACSHA256(keyValue))
{
return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
}
}
有关详细信息,请参阅此
我正在使用 Azure.Storage.Blob
库生成 SasToken,但我得到的是 Sas Uri。我在网上和 docs.
我尝试自己生成令牌,但没有成功。我什至尝试创建一个 SharedKeyLite,但也没有用。
我的 SharedKeyLite 代码:
var stringToSign = $"{DateTimeOffset.UtcNow.ToString("R", CultureInfo.InvariantCulture)}\n${canonicalizedResource}";
var hmac = new HMACSHA256(Convert.FromBase64String(storageAccountKey));
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
return Convert.ToBase64String(hash);
我的要求:
URI: https://<myAccount>.blob.core.windows.net/<pathToFile>
# Headers
Authorization: SharedKeyLite <myAccount>:<keyFromAbove>
x-ms-date: date
x-ms-version: 2014-02-14
错误:
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
为什么 Azure.Storage.Blob
不生成 SAS 令牌?
使用 Azure CLI 从存储帐户获取 SAS 令牌。
az storage blob generate-sas \ --account-name {Storage Account name} \
--container-name {container name} \--name {blob name} \--permissions
{permissions to grant} \--expiry {datetime to expire the SAS token} \
--services {storage services the SAS allows} \--resource-types {resource types the SAS allows}
示例:
CONNECTION_STRING=<connection-string> az storage blob generate-sas \
--account-name MyStorageAccount \ --container-name MyContainer \
--name MyBlob \ --permissions racdw \ --expiry 2020-06-15
有关详细信息,请参阅此 link
另一种生成SAS Token的方法
private static string GetSharedAccessSignature(
string accountName,
string accountkey,
string blobContainer,
string blobName,
DateTimeOffset sharedAccessStartTime,
DateTimeOffset sharedAccessExpiryTime)
{
var canonicalNameFormat = $"/blob/{accountName}/{blobContainer}/{blobName}";
var st = sharedAccessStartTime.UtcDateTime.ToString("yyyy-MM-ddTHH:mm:ssZ");
var se = sharedAccessExpiryTime.UtcDateTime.ToString("yyyy-MM-ddTHH:mm:ssZ");
var sasVersion = "2016-05-31";
string stringToSign = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}", new object[]
{
"r",
st,
se,
canonicalNameFormat,
string.Empty,
string.Empty,
string.Empty,
sasVersion,
string.Empty,
string.Empty,
string.Empty,
string.Empty,
string.Empty
});
var sas = GetHash(stringToSign, accountkey);
var credentials =
$"?sv={sasVersion}&sr=b&sig={UrlEncoder.Default.Encode(sas)}&st={UrlEncoder.Default.Encode(st)}&se={UrlEncoder.Default.Encode(se)}&sp=r";
string blobUri = $"https://{accountName}.blob.core.windows.net/{blobContainer}/{blobName}";
return blobUri + credentials;
}
private static string GetHash(string stringToSign, string key)
{
byte[] keyValue = Convert.FromBase64String(key);
using (HMACSHA256 hmac = new HMACSHA256(keyValue))
{
return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
}
}
有关详细信息,请参阅此