Azure Lease Blob API 403错误

时间:2018-03-07 05:38:09

标签: php azure azure-storage

我正在尝试租用blob来删除它,但由于发生403错误,我的租约blob API代码无效。

生成签名代码(PHP) 

<?php
$account = "myaccount";
$container = "mycontainer";
$accessKey = "myaccesskey";
$blob = "myblob";
$date = gmdate('D, d M Y H:i:s T');
$headers = [
  'x-ms-date:${date}',
 'x-ms-lease-action:acquire',
  'x-ms-lease-duration:-1',
  'x-ms-lease-id:49383176-ad23-4f85-acbf-01edcd02d177',
  'x-ms-version:2017-04-17',
];
$stringToSign = [
  // VERB
  'PUT',
  // Content-Encoding
  '',
  // Content-Language
  '',
  // Content-Length
  '',
  // Content-MD5
  '',
  // Content-Type
  '',
  // Date
  '',
  // If-Modified-Since
  '',
  // If-Match
  '',
  // If-None-Match
  '',
  // If-Unmodified-Since
  '',
  // Range
  '',
];
$stringToSign = array_merge($stringToSign, $headers, ["/$account/$container/$filename"], ["comp:lease"]);
$stringToSign = implode("\n", $stringToSign);
$signature = base64_encode(hash_hmac('sha256', $stringToSign, base64_decode($accessKey), true));
echo $signature
?>

我添加了内容长度标头,因为发生了411错误。

租赁Blob API(curl命令) 

STG_ACCOUNT="myaccount"
CONT_NAME="mycontainer"
BLOCK_NAME="myblob"
DATE=`date +"%a, %d %b %Y %H:%M:%S GMT" --utc`
ACCESS_KEY="signature"
LEASE_ID="49383176-ad23-4f85-acbf-01edcd02d177"

curl -i -X PUT https://$STG_ACCOUNT.blob.core.windows.net/$CONT_NAME/$BLOCK_NAME?comp=lease  -H "Content-Length:0"  -H "Authorization: SharedKey $STG_ACCOUNT:$ACCESS_KEY" -H "x-ms-date:$DATE" -H "x-ms-lease-action:acquire" -H "x-ms-lease-duration:-1" -H "x-ms-lease-id:$LEASE_ID" -H "x-ms-version:2017-04-17"

错误 

HTTP/2 403
content-length: 774
content-type: application/xml
server: Microsoft-HTTPAPI/2.0
x-ms-request-id: 98f7dbe2-801e-0017-78f2-b5d325000000
date: Wed, 07 Mar 2018 09:02:11 GMT

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:98f7dbe2-801e-0017-78f2-b5d325000000
Time:2018-03-07T09:02:12.1896957Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'qaRQQPDc8T8lFCTq5W6ZkjrJoX6W+a419RMd8MWJsUg=' is not the same as any computed signature. Server used following string to sign: 'PUT











x-ms-date:Wed, 07 Mar 2018 09:02:11 GMT
x-ms-lease-action:acquire
x-ms-lease-duration:-1
x-ms-lease-id:49383176-ad23-4f85-acbf-01edcd02d177
x-ms-version:2017-04-17
/myaccount/mycontainer/myblob
comp:lease'.</AuthenticationErrorDetail></Error>

我已经尝试过其他blob服务API这样的获取blob但是它成功了。所以我认为这些代码有一些错误。请帮帮我。

1 个答案:

答案 0 :(得分:1)

我认为问题出在Content-Length请求标头上。请使用空字符串替换0$stringToSign的内容长度。

来自documentation

  

版本2015-02-21及更高版本中的内容长度标题

     

使用版本2015-02-21或更高版本时,如果Content-Length为零,   然后将StringToSign的Content-Length部分设置为空   字符串。

<强>更新

经过进一步检查,您的$stringToSign遗失comp:lease。请尝试更改以下代码行:

$stringToSign = array_merge($stringToSign, $headers, ["/$account/$container/$filename"]);


$stringToSign = array_merge($stringToSign, $headers, ["/$account/$container/$filename"], ["comp:lease"]);
相关问题
最新问题