我正在尝试访问存储在Windows Azure中的私有容器中的blob。容器有共享访问签名但我尝试时 访问blob我得到一个StorgeClientException“服务器无法验证请求。确保Authorization标头形成 正确地包括签名“。
创建容器并上传blob的代码如下所示:
// create the container, set a Shared Access Signature, and share it
// first this to do is to create the connnection to the storage account
// this should be in app.config but as this isa test it will just be implemented
// here:
// add a reference to Microsoft.WindowsAzure.StorageClient
// and Microsoft.WindowsAzure.StorageClient set up the objects
//storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
storageAccount = CloudStorageAccount.Parse(ConfigurationManager.AppSettings["ConnectionString"]);
blobClient = storageAccount.CreateCloudBlobClient();
// get a reference tot he container for the shared access signature
container = blobClient.GetContainerReference("blobcontainer");
container.CreateIfNotExist();
// now create the permissions policy to use and a public access setting
var permissions = container.GetPermissions();
permissions.SharedAccessPolicies.Remove("accesspolicy");
permissions.SharedAccessPolicies.Add("accesspolicy", new SharedAccessPolicy
{
// this policy is live immediately
// if the policy should be delatyed then use:
//SharedAccessStartTime = DateTime.Now.Add(T); where T is some timespan
SharedAccessExpiryTime =
DateTime.UtcNow.AddYears(2),
Permissions =
SharedAccessPermissions.Read | SharedAccessPermissions.Write
});
// turn off public access
permissions.PublicAccess = BlobContainerPublicAccessType.Off;
// set the permission on the ocntianer
container.SetPermissions(permissions);
var sas = container.GetSharedAccessSignature(new SharedAccessPolicy(), "accesspolicy");
StorageCredentialsSharedAccessSignature credentials = new StorageCredentialsSharedAccessSignature(sas);
CloudBlobClient client = new CloudBlobClient(storageAccount.BlobEndpoint,
new StorageCredentialsSharedAccessSignature(sas));
CloudBlob sasblob = client.GetBlobReference("blobcontainer/someblob.txt");
sasblob.UploadText("I want to read this text via a rest call");
// write the SAS to file so I can use it later in other apps
using (var writer = new StreamWriter(@"C:\policy.txt"))
{
writer.WriteLine(container.GetSharedAccessSignature(new SharedAccessPolicy(), "securedblobpolicy"));
}
我一直试图用来读取blob的代码如下:
// the storace credentials shared access signature is copied directly from the text file "c:\policy.txt"
CloudBlobClient client = new CloudBlobClient("https://my.azurestorage.windows.net/", new StorageCredentialsSharedAccessSignature("?sr=c&si=accesspolicy&sig=0PMoXpht2TF1Jr0uYPfUQnLaPMiXrqegmjYzeg69%2FCI%3D"));
CloudBlob blob = client.GetBlobReference("blobcontainer/someblob.txt");
Console.WriteLine(blob.DownloadText());
Console.ReadLine();
我可以通过添加帐户凭据来完成上述工作,但这正是我想要避免的。我不想要什么 与我的帐户凭据一样敏感,只是坐在那里,我不知道如何在没有帐户凭据的情况下将签名导入客户端应用程序。
非常感谢任何帮助。
答案 0 :(得分:3)
为什么会这样?
writer.WriteLine(container.GetSharedAccessSignature(new SharedAccessPolicy(), "securedblobpolicy"));
而不是写你已创建的sas字符串?
已经很晚了,我很容易丢失一些东西,但似乎你可能没有保存你用来编写文件的相同访问签名。
此处也许不相关,但我相信您可以拥有的容器范围政策数量有限制。您是否使用此代码将多个文件上载到同一容器并每次都创建一个新的容器?
一般来说,我认为最好在您需要的时候以短暂的到期时间为单个blob请求sas。
答案 1 :(得分:1)
“my.azurestorage.windows.net”只是一个错字吗?我希望有类似“https:// 帐户 .blob.core.windows.net”的内容。
否则代码看起来非常类似于http://blog.smarx.com/posts/shared-access-signatures-are-easy-these-days中的代码,该代码可以正常工作。