Check whether a container exists using a SAS token

Time: 2018-01-18 15:58:41

Tags: azure-storage azure-storage-blobs

I am initializing a CloudBlobContainer with a SAS token, as shown below.

  CloudBlobContainer blobContainer = new CloudBlobContainer(new Uri(sasToken));

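Initialization with the sasToken now succeeds, but when I use blobContainer.Exists(), I get a 403 Forbidden exception.

Is there a way to check the validity of the token?

Currently I am trying to add data to the container. If it throws an exception, I assume it is a bad SAS URL.

I only have write access to the container.

Thanks.

1 answer:

Answer 0: (score: 1)

Initialization with the sasToken now succeeds, but when I use blobContainer.Exists(), I get a 403 Forbidden exception.
Is there a way to check the validity of the token?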

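blobContainer.Exists() requires read permission. Only an Account SAS can operate at the container service level. A Service SAS does not have this permission. You can read this link.

I created two simple demos in which the SAS token includes write and read permissions. It works fine. You can refer to my code:

For the Service SAS, I set write and read permissions on the container. But you do not have permission to get the result of blobContainer.Exists():

Code in console: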

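using System;
using Microsoft.Azure; // CloudConfigurationManager
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Blob;

class Program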
{
    static CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
    static void Main(string[] args)
    {
        CloudBlobClient client = storageAccount.CreateCloudBlobClient();
        var container = client.GetContainerReference("orders");
        string sasUri = GetContainerSasUri(container, null);  //create SAS for container by using storage account
        Console.WriteLine("SAS uri:" + sasUri);
        string containerSas = sasUri;
         UseContainerSAS(containerSas);

    }
    static void UseContainerSAS(string sas)
    {
        // Try performing container operations with the SAS provided.
        // Return a reference to the container using the SAS URI.
        CloudBlobContainer container = new CloudBlobContainer(new Uri(sas)); // container uses the SAS
        // 1. Test Read permission
        try
        {
            bool b = container.Exists();
            Console.WriteLine("container exists: " + b);
        }catch(StorageException e)
        {
            Console.WriteLine("Read permission in Container: " + e.Message);
        }
        CloudBlockBlob blockBlob = container.GetBlockBlobReference("peter.txt"); // blob named peter.txt
        // 2. Test Write permission
        try
        {
            CloudBlockBlob blockBlobWrite = container.GetBlockBlobReference("peter.txt");
            // Upload content to the blob; this is the operation that needs Write permission.
            blockBlobWrite.UploadText("written with the container SAS");
            Console.WriteLine("Write content to blob successfully");
        }
        catch (StorageException e)
        {
            Console.WriteLine("Write permission: " + e.Message);
        }
        //3. test Delete permission
        try
        {
            blockBlob.Delete();
            Console.WriteLine("Delete blob successfully.");
        }
        catch (StorageException e)
        {
            Console.WriteLine("Delete permission:" + e.Message);
        }
        Console.WriteLine();
    }
    //The method to create sas token for container
    private static string GetContainerSasUri(CloudBlobContainer container, string storedPolicyName = null)
    {
        string sasContainerToken;

        // If no stored policy is specified, create a new access policy and define its constraints.
        if (storedPolicyName == null)
        {              
            SharedAccessBlobPolicy adHocPolicy = new SharedAccessBlobPolicy()
            {
                SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(24), //set 24min
                //set permissions for container
                Permissions = SharedAccessBlobPermissions.Write |SharedAccessBlobPermissions.Read
            };
            // Generate the shared access signature on the container, setting the constraints directly on the signature.
            sasContainerToken = container.GetSharedAccessSignature(adHocPolicy, null);
            Console.WriteLine("SAS for blob container (ad hoc): {0}", sasContainerToken);
            Console.WriteLine();
        }
        else
        {
            sasContainerToken = container.GetSharedAccessSignature(null, storedPolicyName);
            Console.WriteLine("SAS for blob container (stored access policy): {0}", sasContainerToken);
            Console.WriteLine();
        }
        // Return the URI string for the container, including the SAS token.
        return container.Uri + sasContainerToken;
    }
}

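Result for the Service SAS: [image]

For the Account SAS, you have permission to get the result of container.Exists().

Get the Account SAS: Azure portal > Storage account > Settings > SAS > select read and write permissions > Generate SAS > copy the Blob service SAS URL.

Code in console: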

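// Requires: using Microsoft.WindowsAzure.Storage; using Microsoft.WindowsAzure.Storage.Auth; using Microsoft.WindowsAzure.Storage.Blob;
string accountSasToken = "blob service SAS url";
StorageCredentials accountSAS = new StorageCredentials(accountSasToken);
CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, "storage account name", endpointSuffix: null, useHttps: true);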
CloudBlobClient client = accountWithSAS.CreateCloudBlobClient();
CloudBlobContainer container = client.GetContainerReference("orders");
try
{
    bool b = container.Exists();
    Console.WriteLine("container exists: " + b);
}
catch (StorageException e)
{
    Console.WriteLine("Read permission in Container: " + e.Message);
}
try
{
    CloudBlockBlob blockBlobWrite = container.GetBlockBlobReference("peter.txt");
    // Upload content to the blob; this is the operation that needs Write permission.
    blockBlobWrite.UploadText("written with the account SAS");
    Console.WriteLine("Write content to blob successfully");
}
catch (StorageException e)
{
    Console.WriteLine("Write permission: " + e.Message);
}

Result for the Account SAS: [image]
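
Added example, not part of the original question or answer: the claims carried in a SAS URL (`sp`, `se`, `st`, `si`, `sr`/`srt`) can be read client-side before the first request, which separates an expired or under-privileged token from other causes of a 403. The class and method names and the sample URL are constructed for illustration; the signature itself can only be verified by the storage service.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

static class SasInspector   // hypothetical helper, uses no Azure SDK types
{
    // Splits the query string of a SAS URL into its parameters (sp, se, st, sr, srt, si, sig ...).
    static Dictionary<string, string> Parse(Uri sasUri)
    {
        var q = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var pair in sasUri.Query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            q[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        return q;
    }
    // An account SAS carries srt/ss; a service SAS carries sr (c = container, b = blob).
    public static bool IsAccountSas(Uri sasUri) { return Parse(sasUri).ContainsKey("srt"); }
    // Lists why the token's claims rule out permission `needed` (e.g. 'w') at time `now`; empty = claims look usable.
    public static List<string> Problems(Uri sasUri, char needed, DateTimeOffset now)
    {
        var q = Parse(sasUri);
        var problems = new List<string>();
        string v; DateTimeOffset t;
        bool hasPolicy = q.ContainsKey("si");   // a stored access policy may hold se/sp server-side
        if (!q.ContainsKey("sig")) problems.Add("no sig parameter: not a SAS URL");
        if (q.TryGetValue("se", out v))
        {
            if (!DateTimeOffset.TryParse(v, CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal, out t))
                problems.Add("unparseable expiry: " + v);
            else if (t <= now) problems.Add("expired at " + t.ToString("u"));
        }
        else if (!hasPolicy) problems.Add("no expiry (se) and no stored policy (si)");
        if (q.TryGetValue("st", out v) && DateTimeOffset.TryParse(v, CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal, out t) && t > now)
            problems.Add("not valid until " + t.ToString("u"));
        if (q.TryGetValue("sp", out v)) { if (v.IndexOf(needed) < 0) problems.Add("sp=" + v + " lacks '" + needed + "'"); }
        else if (!hasPolicy) problems.Add("no permissions (sp) and no stored policy (si)");
        return problems;
    }
    static void Main()
    {
        // Constructed sample: write-only service SAS on a container; the signature is a placeholder.
        var uri = new Uri("https://example.blob.core.windows.net/orders?sv=2017-04-17&sr=c&sp=w&se=2018-01-18T16%3A30%3A00Z&sig=PLACEHOLDER");
        var now = new DateTimeOffset(2018, 1, 18, 16, 0, 0, TimeSpan.Zero);
        Console.WriteLine("account SAS: " + IsAccountSas(uri));
        Console.WriteLine("write: " + string.Join("; ", Problems(uri, 'w', now)));
        Console.WriteLine("read:  " + string.Join("; ", Problems(uri, 'r', now)));
    }
}
```

An empty list only means the token's own claims do not rule the operation out; a revoked stored access policy, a rotated account key or a tampered signature still surfaces as a 403 from the service.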