签名不匹配。要使用的字符串是r

时间:2014-05-27 18:47:52

标签: azure-storage

尝试为容器中的Blob访问构建共享访问签名URI

BlobHelper BlobHelper = new BlobHelper(StorageAccount,StorageKey); 

     string signature = "";

    string signedstart = DateTime.UtcNow.AddMinutes(-1).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");
     string signedexpiry = DateTime.UtcNow.AddMinutes(2).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'");

    //// SET CONTAINER LEVEL ACCESS POLICY
     string accessPolicyXml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
                            "<SignedIdentifiers>\n" +
                            "  <SignedIdentifier>\n" +
                            "    <Id>twominutepolicy</Id>\n" +
                            "    <AccessPolicy>\n" +
                            "      <Start>" + signedstart + "</Start>\n" +
                            "      <Expiry>" + signedexpiry + "</Expiry>\n" +
                            "      <Permission>r</Permission>\n" +
                            "    </AccessPolicy>\n" +
                            "  </SignedIdentifier>\n" +
                            "</SignedIdentifiers>\n";


     BlobHelper.SetContainerAccessPolicy("xxxxxxx", "container", accessPolicyXml));

    string canonicalizedresource = "/xxxxxxx/501362787";


     string StringToSign = String.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}",
             "r",
             signedstart,
             signedexpiry,
             canonicalizedresource,
             "twominutepolicy",
             "2013-08-15",
             "rscc",
             "rscd",
             "rsce",
             "rscl", 
             "rsct"
             );




     using (HMACSHA256 hmacSha256 = new HMACSHA256(Convert.FromBase64String(StorageKey)))
     {
         Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
         signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));

    }

     StringBuilder sasToken = new StringBuilder();

    sasToken.Append(BlobHelper.DecodeFrom64(e.Item.ToolTip).ToString().Replace("http","https") + "?");

    //signedversion
     sasToken.Append("sv=2013-08-15&");

     sasToken.Append("sr=b&");
     //
     sasToken.Append("si=twominutepolicy&");
     sasToken.Append("sig=" + signature + "&");
     //
     sasToken.Append("st=" + HttpUtility.UrlEncode(signedstart).ToUpper() + "&");
     //
     sasToken.Append("se=" + HttpUtility.UrlEncode(signedexpiry).ToUpper() + "&");
     //
     sasToken.Append("sp=r");

    string url = sasToken.ToString();

获得以下异常

0

尝试为容器中的Blob访问构建共享访问签名URI

我在下面得到以下例外

AuthenticationFailed服务器无法验证请求。确保正确形成Authorization标头的值,包括签名。 RequestId:e424e1ac-fd96-4557-866a-992fc8c41841时间:2014-05-22T18:46:15.3436786Z签名不匹配。使用的字符串是r 2014-05-22T18:45:06Z 2014-05-22T18:48:06Z /xxxxxxx/501362787/State.SearchResults.pdf twominutepolicy 2013-08-15

1 个答案:

答案 0 :(得分:0)

rscc,rscd,rsce,rscl,rsct是overridden response headers的占位符。您的sasToken变量似乎不会覆盖响应标头,因此您只需在签名时使用带有换行符的空字符串。此外,您的规范化资源看起来也与服务器的资源不匹配。

顺便说一句,您是否看过Azure Storage Client Library来创建共享访问签名令牌?它提供了许多功能,是访问Microsoft Azure存储的官方SDK。

相关问题
最新问题