我有一个azure函数,它生成一个sas密钥,我以后用它来将文件上传到我的blob。以下是我生成sas密钥的方法:
CloudBlobContainer container = blobClient.GetContainerReference("sasimagecontainer");
container.CreateIfNotExists();
static string GetContainerSasUri(CloudBlobContainer container)
{
//Set the expiry time and permissions for the container.
//In this case no start time is specified, so the shared access signature becomes valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5);
sasConstraints.SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(25);
sasConstraints.Permissions = SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Add | SharedAccessBlobPermissions.Create;
//Generate the shared access signature on the container, setting the constraints directly on the signature.
string sasContainerToken = container.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
return container.Uri + sasContainerToken + "&comp=list&restype=container";
}
然后我可以打电话给
GetContainerSasUri(容器));
获取sas密钥。但是,当我使用以下代码来调用它时:
CloudBlockBlob blob = new CloudBlockBlob(thesaskey);
using (var fileStream = File.OpenRead(file))
{
await blob.UploadFromStreamAsync(fileStream);
}
我一直收到403错误。这就是我在VS 2017中调试所得到的,我不知道如何才能获得有关此问题的更多信息。
我已经在SO上调查了大多数关于类似问题的类似线程并应用了可能的修复,例如最后的“& comp = list& restype = container”参数。
//我尝试将SharedAccessBlobPermissions.List添加到权限中,但这不起作用。
//我实际上添加了所有权限(当然除了None),以检查是否可能会改变某些内容 - 但事实并非如此。目标仍然是只有上传权限。
答案 0 :(得分:1)
我能够重现错误,这就是我修复错误的方法:
您需要将SAS传递给CloudBlobContainer而不是CloudBlockBlob。然后使用容器检索blob引用(您可能希望使用文件的filename属性):
var container = new CloudBlobContainer(thesaskey);
var blob = container.GetBlockBlobReference("<yourFileName>");
await blob.UploadFromFileAsync(@"YOURPATH")
请注意,您可以使用便捷方法UploadFromFileAsync
以下是我用来测试它的控制台应用程序:
class Program
{
static void Main(string[] args)
{
var connectionString = String.Format("DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1}",
"<AccountName>",
"<AccountKey>");
var storageAccount = CloudStorageAccount.Parse(connectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference("sasimagecontainer");
container.CreateIfNotExistsAsync().GetAwaiter().GetResult();
var sasUri = GetContainerSasUri(container);
var container2 = new CloudBlobContainer(new Uri(sasUri));
var blob2 = container2.GetBlockBlobReference("blobCreatedViaSAS.txt");
blob2.UploadFromFileAsync(@"D:\test.txt").GetAwaiter().GetResult();
}
private static string GetContainerSasUri(CloudBlobContainer container)
{
//Set the expiry time and permissions for the container.
//In this case no start time is specified, so the shared access signature becomes valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(24);
sasConstraints.Permissions = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Write |
SharedAccessBlobPermissions.Create |
SharedAccessBlobPermissions.Add | SharedAccessBlobPermissions.Read;
//Generate the shared access signature on the container, setting the constraints directly on the signature.
var sasContainerToken = container.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
return container.Uri + sasContainerToken;
}
}