Question

我正在尝试构建帐户级共享访问签名，以便我的客户端可以访问存储帐户中的所有容器。我正在关注这些文档Account SAS。它似乎很直接，但我不断收到以下错误消息：

＆＃34;签名不匹配。要使用的字符串是accountname \ nrl \ nb \ nsc \ n \ n2016-10-09 \ n \ n \ n2015-04-05 \ n＆＃34;。

我的参数是相同的，所以我怀疑它与我如何散列String to Sign有关。下面是我构建令牌的方法。

var crypto = require('crypto');
var accountName = 'accountname';
var accountKey = 'tH37FTlG3TUT86caMrt2y5kOzof8nFqqA6spzg6r7HPRojE1zDiLJD/xE4oLFDh4RNqAmymvlV7fm8W4SF8cJg==';

var signedPermissions = "sp=rl";
var signedServcies = "ss=b";
var signedResourceType = "srt=sc";
var signedExpiry = "se=2016-10-09";
var signedVersion = "sv=2015-04-05";

var stringToSign = accountName + "\n" + signedPermissions + "\n" + signedServcies + "\n" + signedResourceType + "\n" + signedExpiry + "\n" + signedVersion + "\n";
var hmacsha256 = crypto.createHmac('sha256', accountKey).update(stringToSign).digest('base64');
var token = signedPermissions + "&" + signedServcies + "&" + signedResourceType + "&" + signedExpiry + "&" + signedVersion + "&sig=" + hmacsha256;

我也尝试过使用crypto-js，但无济于事。用于访问容器中blob的最终URL是......

＆＃34; https://accountname.blob.core.windows.net/containername/blobName?srt=sc&se=2016-10-09&api-version=2015-04-05&sp=rl&ss=b&sv=2015-04-05&sig=IFD2wyfRAsHGU5IFg3RbwSJW6tRE0m0%2FxgAYvJ%2FmnEk%3D＆＃34;

我已经尝试了几天，真的很想知道我做错了什么。感谢。

Answer 1

苯，对于stringToSign，值不应该有参数名吗？

var signedPermissions = "rl"; var signedServcies = "b"; var signedResourceType = "sc"; var signedExpiry = "2016-10-09"; var signedVersion = "2015-04-05";

Answer 2

请尝试以下操作（代码无耻地从Azure Storage Node.js library获取）：

var hmacsha256 = crypto.createHmac('sha256', new Buffer(accountKey, 'base64')).update(stringToSign, 'utf-8').digest('base64');

Azure帐户共享访问权限

2 个答案: