Azure Storage C#客户端在MVC应用程序中返回403,但在控制台应用程序

时间:2017-08-10 08:47:15

标签: azure azure-storage

我在我的MVC应用程序中使用Azure Storage C#客户端遇到问题,无论是本地还是Azure应用服务。我在控制台和MVC5应用程序中使用如下客户端:

var account = CloudStorageAccount.Parse("connectionstring");
var client = account.CreateCloudBlobClient();
var container = client.GetContainerReference("containername");
var blob = container.GetBlockBlobReference("somefile");
var exists = blob.Exists();

我对所有参数使用完全相同的值。 Exists调用在控制台应用程序中正常工作,但在MVC5应用程序中返回异常:

[WebException: The remote server returned an error: (403) Forbidden.]

在检查客户端使用Fiddler生成的两个请求后,它会显示以下请求/响应。

控制台应用请求:

HEAD <url> HTTP/1.1
User-Agent: Azure-Storage/8.3.0 (.NET CLR 4.0.30319.42000; Win32NT 6.2.9200.0)
x-ms-version: 2017-04-17
x-ms-client-request-id: 6d51e6c2-fb3f-48fd-ade5-2031d593b553
x-ms-date: Thu, 10 Aug 2017 07:35:52 GMT
Authorization: SharedKey <creds>
Host: <host>
Connection: Keep-Alive

控制台应用响应:

HTTP/1.1 200 OK
Content-Length: 3992
Content-Type: image/gif
Content-MD5: Ehfh+rzNrbvTgIEh9gQgfw==
Last-Modified: Tue, 27 Jun 2017 13:48:41 GMT
Accept-Ranges: bytes
ETag: "0x8D4BD6338BAED01"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d7b7e17e-0001-003e-7bab-11987d000000
x-ms-version: 2017-04-17
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: false
Date: Thu, 10 Aug 2017 07:35:51 GMT

MVC5请求:

HEAD <url> HTTP/1.1
User-Agent: Azure-Storage/8.3.0 (.NET CLR 4.0.30319.42000; Win32NT 10.0.15063.0)
x-ms-version: 2017-04-17
x-ms-client-request-id: 138d3edc-a3b1-48c6-b268-6b878a4c01fd
x-ms-date: Thu, 10 Aug 2017 07:33:46 GMT
Authorization: SharedKey <creds>
Host: <host>
x-ms-request-root-id: ef1cb29-49a22f2b3f72be30
x-ms-request-id: |ef1cb29-49a22f2b3f72be30.
Request-Id: |ef1cb29-49a22f2b3f72be30.

MVC5回复:

HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Transfer-Encoding: chunked
Server: Microsoft-HTTPAPI/2.0
x-ms-request-id: 106917c2-0001-00b8-2aaa-11ccaf000000
Date: Thu, 10 Aug 2017 07:33:45 GMT

这两个应用程序都针对.NET 4.5.2并使用WindowsAzure.Storage软件包的8.3.0版。我也尝试了8.2.1和6.2.1版,但遇到了同样的问题。

当代码和值完全相同时,为什么这两个应用程序会产生不同的HEAD请求?

2 个答案:

答案 0 :(得分:4)

事实证明我遇到了this问题。在我的MVC应用程序中,我正在使用Application Insights。在我的web.config中,我有以下配置,如默认AI模板所示:

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    <remove name="ApplicationInsightsWebTracking" />
    <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
  </modules>
<system.webServer>

停用此网络跟踪模块后,{Bloon存储的请求中不再传递x-ms-request-root-idx-ms-request-idRequest-Id,而且工作正常。

答案 1 :(得分:1)

您好我们遇到了同样的问题。总是403.经过几天的调试后,我发现应用程序见解为传出请求添加了标头(因为我们跟踪依赖关系)到BLOB存储。因此,计算的签名与请求中的签名不同。当我从没有问题的环境中比较ApplicationInsights.config时,我发现我们错过了这部分

<TelemetryModules>
<Add Type="Microsoft.ApplicationInsights.DependencyCollector.DependencyTrackingTelemetryModule, Microsoft.AI.DependencyCollector">
  <ExcludeComponentCorrelationHttpHeadersOnDomains>
    <!-- 
    Requests to the following hostnames will not be modified by adding correlation headers. 
    This is only applicable if Profiler is installed via either StatusMonitor or Azure Extension.
    Add entries here to exclude additional hostnames.
    NOTE: this configuration will be lost upon NuGet upgrade.
    -->
    <Add>core.windows.net</Add>
    <Add>core.chinacloudapi.cn</Add>
    <Add>core.cloudapi.de</Add>
    <Add>core.usgovcloudapi.net</Add>
    <Add>localhost</Add>
    <Add>127.0.0.1</Add>
  </ExcludeComponentCorrelationHttpHeadersOnDomains>
</Add>

你看到core.windows.net现在已被排除,在此之后一切正常。