Azure Blob存储 - 更改容器的权限并使用SAS访问

时间:2014-06-26 15:42:57

标签: c# azure azure-storage

我有一个Azure Blob容器,其中包含一些blob。使用代码

创建(成功)容器 
if (container.CreateIfNotExists())
{
    var permissions = container.GetPermissions();
    permissions.PublicAccess = BlobContainerPublicAccessType.Off;
    container.SetPermissions(permissions);
}

您会看到权限设置为私有(即PublicAccessOff)。

在我的代码的后半部分,我想使用SAS打开权限,期限为1 hour。为了尝试这个,我使用的代码是:

if (container.Exists())
    {
    //Set the expiry time and permissions for the container.
    //In this case no start time is specified, so the shared access signature becomes valid immediately.
    SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
    sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1);
    sasConstraints.Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List;

    //Generate the shared access signature on the container, setting the constraints directly on the signature.
    string sasContainerToken = container.GetSharedAccessSignature(sasConstraints);

    //Return the URI string for the container, including the SAS token.
    return container.Uri + sasContainerToken;
}

但是,无论我如何塑造它,当我将浏览器导航到返回的网址(即container.Uri + sasContainerToken)时,我收到了身份验证错误:

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>
    Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:d7f89ef3-919b-4b86-9b4f-4a95273c20ff Time:2014-06-26T15:33:11.2754096Z
  </Message>
  <AuthenticationErrorDetail>
    Signature did not match. String to sign used was rl 2014-06-26T16:32:02Z /mycontainer/$root 2014-02-14
  </AuthenticationErrorDetail>
</Error>

任何人都可以告诉我为什么我看到此身份验证错误?

我的最终网址看起来格式正确?:

https://myservice.blob.core.windows.net/mycontainer?sv=2014-02-14&sr=c&sig=0MSvKIRJnxWr2G%2Bh0mj%2BslbNtZM3VnjSF8KPhBKCPs8%3D&se=2014-06-26T16%3A32%3A02Z&sp=rl

我感到茫然,所以任何指针都会受到高度赞赏。

1 个答案:

答案 0 :(得分:3)

我也遇到了完全相同的错误:)。您不能使用共享访问签名执行与容器相关的操作(列表blob除外)。您需要使用帐户密钥对容器执行操作。在此页面中:http://msdn.microsoft.com/en-us/library/azure/jj721951.aspx

  

使用共享访问签名支持的操作包括:

     
      

  • 读取和编写页面或块blob内容,阻止列表,属性和元数据

    •   

  • 删除,租赁和创建blob的快照

    •   

  • 在容器中列出blob

    •   

<强>更新

要列出blob,只需将 &comp=list&restype=container 添加到您的网址即可。所以你的网址应该是:

https://myservice.blob.core.windows.net/mycontainer?sv=2014-02-14&sr=c&sig=0MSvKIRJnxWr2G%2Bh0mj%2BslbNtZM3VnjSF8KPhBKCPs8%3D&se=2014-06-26T16%3A32%3A02Z&sp=rl&comp=list&restype=container
相关问题
最新问题