Azure CloudBlobContainer.CreateIfNotExists返回403禁止

时间:2014-07-13 17:47:04

标签: c# asp.net azure-storage

我在Web API服务中间接调用CloudBlobContainer.CreateIfNotExist(请参阅下面的FindOrCreatePrivateBlobContainer方法),但它返回以下403禁止错误消息:

<Error>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote server returned an error: (403) Forbidden.
</ExceptionMessage>
<ExceptionType>Microsoft.WindowsAzure.Storage.StorageException</ExceptionType>
<StackTrace>
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.Exists(Boolean primaryOnly, BlobRequestOptions requestOptions, OperationContext operationContext) at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext) at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobRequestOptions requestOptions, OperationContext operationContext) at [Obfuscated].DocumentManagement.BlobStorage.BlobHelper.FindOrCreatePrivateBlobContainer(String ContainerName, String AccountConnectionString) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.BlobStorage\BlobHelper.cs:line 25 at [Obfuscated].DocumentManagement.BlobStorage.BlobFileItemHandler.GetStream(Int64 FileItemId) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.BlobStorage\BlobFileItemHandler.cs:line 114 at [Obfuscated].DocumentManagement.Service.Controllers.FileItemController.Get(String ServiceAuthKey, Int64 FileItemId) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.Service\Controllers\FileItemController.cs:line 148 at lambda_method(Closure , Object , Object[] ) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()
</StackTrace>
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote server returned an error: (403) Forbidden.
</ExceptionMessage>
<ExceptionType>System.Net.WebException</ExceptionType>
<StackTrace>
at System.Net.HttpWebRequest.GetResponse() at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
</StackTrace>
</InnerException>
</Error>

以下是生成错误的代码:

     public HttpResponseMessage Get(string ServiceAuthKey, Int64 FileItemId)
        {
            if (!CheckServiceAuthKey(ServiceAuthKey).IsSuccessStatusCode)
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);

            HttpRequest request = HttpContext.Current.Request;

            FileItem fi = null;
            using (DocumentDbContext db = new DocumentDbContext())
            {
                fi = db.FileItems.Find(FileItemId);
            }


            BlobFileItemHandler fih = new BlobFileItemHandler();
            Stream s = fih.GetStream(FileItemId);


            // -------- DOWNLOAD FILE TO CLIENT -------- 

            HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
            response.Content = new StreamContent(s);
            //a text file is actually an octet-stream (pdf, etc)
            response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
            //we used attachment to force download
            response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
            response.Content.Headers.ContentDisposition.FileName = fi.PublicFileName;


            return response;
        }

 public Stream GetStream(Int64 FileItemId)
        {
            CloudBlobContainer c = BlobHelper.FindOrCreatePrivateBlobContainer("[Obfuscated]-dms", AccountConnectionString);

            using (DocumentDbContext db = new DocumentDbContext())
            {
                FileItem fi = db.FileItems.Find(FileItemId);

                CloudBlockBlob blob = c.GetDirectoryReference(fi.FilePathOnServer).GetBlockBlobReference(fi.PrivateFileName);
                bool blobExists = blob.Exists();

                if (!blobExists)
                    throw new System.IO.FileNotFoundException();

                Stream stream = new MemoryStream();
                blob.DownloadToStream(stream);
                long streamlen = stream.Length;
                stream.Position = 0;
                return stream;
            }

        }

public static CloudBlobContainer FindOrCreatePrivateBlobContainer(string ContainerName, string AccountConnectionString)
        {
            Trace.TraceInformation("FindOrCreatePrivateBlobContainer '" + ContainerName + "' with connectionstring '" + AccountConnectionString + "'");
            CloudStorageAccount account = CloudStorageAccount.Parse(AccountConnectionString);
            CloudBlobClient blobClient = account.CreateCloudBlobClient();
            CloudBlobContainer container = blobClient.GetContainerReference(ContainerName);
            container.CreateIfNotExists();
            return container;
        }

我需要一些帮助来解决此错误的原因。我尝试过以下方法:

  1. 检查了要创建的容器的名称是否有效,并且在此特定情况下仅包含小写字母(没有特殊字符或大写字符)。
  2. 我已经读过Azure服务器和呼叫服务器之间的时区差异可能导致403禁止的错误消息。无论我是从个人计算机运行服务(时区设置为UTC)还是从Azure部署运行,都会发生此错误。
  3. 我检查了我的连接字符串和帐户密钥,这似乎是正确的。它采用以下格式:<add key="MyStuff.DocumentManagement.ConnectionString" value="DefaultEndpointsProtocol=http;AccountName=MyStuffAccount;AccountKey=[obfuscated]" />
  4. 我尝试在http和https之间切换,结果没有区别。
  5. 我可以确认我正在运行最新版本的Azure存储API(4.1.0)
  6. 我能够连接到Azure存储并通过VS 2013服务器资源管理器
  7. 创建一个新容器

    请帮忙!

    更新

      

    以下是启用跟踪后错误的输出:应用程序:   2014-07-13T19:08:03 PID [6888]错误
      Microsoft.WindowsAzure.Storage.StorageException:远程服务器   返回错误:(403)禁止。 ---&GT; System.Net.WebException:The   远程服务器返回错误:(403)禁止。申请:at   System.Net.HttpWebRequest.GetResponse()应用程序:at   Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync [T](RESTCommand 1 cmd, IRetryPolicy policy, OperationContext operationContext) Application: --- End of inner exception stack trace --- Application: at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand 1   cmd,IRetryPolicy策略,OperationContext operationContext)   申请:at   Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.Exists(布尔   primaryOnly,BlobRequestOptions requestOptions,OperationContext   operationContext)应用程序:at   Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType   accessType,BlobRequestOptions requestOptions,OperationContext   operationContext)应用程序:at   [模糊处理] .DocumentManagement.BlobStorage.BlobHelper.FindOrCreatePrivateBlobContainer(字符串   ContainerName,String AccountConnectionString)应用程序:at   [模糊处理] .DocumentManagement.BlobStorage.BlobFileItemHandler.GetStream(Int64类型   FileItemId)应用程序:请求信息应用程序:   RequestID:fce980ad-a673-4ef1-b55d-d017a49845c8应用:   RequestDate:Sun,13 Jul 2014 19:08:02 GMT申请:   StatusMessage:服务器无法验证请求。确保   正确形成授权标头的值,包括   签名。

7 个答案:

答案 0 :(得分:20)

这可能不是这个特定问题的解决方案,但它可能会帮助其他人。

我收到了403错误,很难跟踪解决方案。我终于发现我的开发机器的时间已经过了2个小时。当我正确设置时间时,403就消失了。

Azure要求UTC时间戳在请求时间的15分钟内。

答案 1 :(得分:5)

正如我们在上面的评论中所讨论的那样,当您开始从服务中获取403状态代码时,请确保您的密钥有效。如果通过门户网站或使用服务管理API

重新生成密钥,则密钥可能会发生变化

答案 2 :(得分:2)

如果您最近升级了WindowsAzure.Storage而不是使用已弃用的WindowsAzure.StorageClient dll,那么您可能会遇到此问题,因为尚未设置BlobRequestOptions和OperationContext

MSDN与CloudBlobContainer的关联创建如果不存在方法

http://msdn.microsoft.com/en-us/library/microsoft.windowsazure.storage.blob.cloudblobcontainer.createifnotexists.aspx

答案 3 :(得分:1)

请尝试以下操作: 1.生成新的访问密钥以在您的App.config文件中使用

或 2.登录到您的天蓝色门户 在存储帐户下 选择 ->防火墙和虚拟网络 ->在刀片下,启用“允许从“所有网络”选项访问”

我希望这对某人有用!

enter image description here

答案 4 :(得分:0)

我在调用

时看到了同样的错误消息
Microsoft.WindowsAzure.Storage.Blob.CloudBlobClient.GetBlobReferenceFromServerAsync(Uri blobUri)

意外地使用指向与CloudBlobClient.BaseUri所指向的URL不同的blobUri值。

答案 5 :(得分:0)

对我来说,原来我们对存储帐户有IP限制,这导致了403禁止访问。解决该问题的方法是访问Azure门户并转到:

存储帐户→“ StorageAccountName”→防火墙和虚拟网络

然后确保您的IP位于允许的部分,或选中“允许从所有网络访问”。

答案 6 :(得分:0)

尝试连接到本地Azure存储模拟器时,我遇到了类似的问题。通过Azure存储资源管理器,连接成功,但是通过使用REST API的自定义工具,则抛出403错误。我必须手动在配置中包括端点,并使用http代替https。

此处(https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string)的更多信息

DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;
AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;
BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;
TableEndpoint=http://127.0.0.1:10002/devstoreaccount1;
QueueEndpoint=http://127.0.0.1:10001/devstoreaccount1;