共享访问签名以操作Azure blob容器

时间:2018-03-24 10:37:02

标签: azure azure-storage

我想将SAS uris提供给其他应用程序,以允许它们将文件发送到blob容器。但是,尝试上传文件时代码失败,给出了一个异常,其中说明了:

  

服务器无法验证请求。确保正确形成Authorization标头的值,包括签名。

我正在使用aspnetcore和WindowsAzure.Storage版本9.1.0。

        var acc = CloudStorageAccount.Parse("mysecrets");
        CloudBlobClient client = acc.CreateCloudBlobClient();
        var container = client.GetContainerReference("myblobcontainer");
        await container.CreateIfNotExistsAsync();
        var permissions = container.GetPermissionsAsync().Result;
        permissions.SharedAccessPolicies.Add("writepolicy",
            new SharedAccessBlobPolicy
            {
                Permissions =
                    SharedAccessBlobPermissions.Add |
                    SharedAccessBlobPermissions.Create |
                    SharedAccessBlobPermissions.List |
                    SharedAccessBlobPermissions.Write,
            });
        await container.SetPermissionsAsync(permissions);
        var sas = container.GetSharedAccessSignature(null, "writepolicy");
        var accessUri = container.Uri.ToString() + sas;

        var cloudBlobContainer = new CloudBlobContainer(new Uri(accessUri));
        var blob = cloudBlobContainer.GetBlockBlobReference("myfile.txt");
        await blob.UploadFromFileAsync("foo.txt");

我也尝试过像这样创建cloudBlobContainer:

var cloudBlobContainer = 
             new CloudBlobContainer(container.Uri, new StorageCredentials(sas));

1 个答案:

答案 0 :(得分:1)

基本上问题是您的Shared Access Signature (SAS)缺少Expiry Date,即SAS过期的日期/时间。

当我运行你的代码时,我得到了同样的错误。但是当我通过Fiddler跟踪请求/响应时,这就是Storage Service发回的内容:

<?xml version="1.0" encoding="utf-8"?>
  <Error>
    <Code>AuthenticationFailed</Code>
    <Message>
      Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
      RequestId:320035be-801e-0040-6e5e-c30407000000
      Time:2018-03-24T10:57:38.7791868Z
    </Message>
    <AuthenticationErrorDetail>
      Signed expiry must be specified in signature or SAS identifier
    </AuthenticationErrorDetail>
  </Error>

您需要做的是添加到期日期/时间。您可以添加到共享访问策略,也可以在创建SAS时指定此策略(但不能在两个地方都指定)。

请使用以下代码创建SAS:

    var policy = new SharedAccessBlobPolicy()
    {
        SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15)
    };
    var sas = container.GetSharedAccessSignature(policy, "writepolicy");