我想将SAS uris提供给其他应用程序,以允许它们将文件发送到blob容器。但是,尝试上传文件时代码失败,给出了一个异常,其中说明了:
服务器无法验证请求。确保正确形成Authorization标头的值,包括签名。
我正在使用aspnetcore和WindowsAzure.Storage版本9.1.0。
var acc = CloudStorageAccount.Parse("mysecrets");
CloudBlobClient client = acc.CreateCloudBlobClient();
var container = client.GetContainerReference("myblobcontainer");
await container.CreateIfNotExistsAsync();
var permissions = container.GetPermissionsAsync().Result;
permissions.SharedAccessPolicies.Add("writepolicy",
new SharedAccessBlobPolicy
{
Permissions =
SharedAccessBlobPermissions.Add |
SharedAccessBlobPermissions.Create |
SharedAccessBlobPermissions.List |
SharedAccessBlobPermissions.Write,
});
await container.SetPermissionsAsync(permissions);
var sas = container.GetSharedAccessSignature(null, "writepolicy");
var accessUri = container.Uri.ToString() + sas;
var cloudBlobContainer = new CloudBlobContainer(new Uri(accessUri));
var blob = cloudBlobContainer.GetBlockBlobReference("myfile.txt");
await blob.UploadFromFileAsync("foo.txt");
我也尝试过像这样创建cloudBlobContainer:
var cloudBlobContainer =
new CloudBlobContainer(container.Uri, new StorageCredentials(sas));
答案 0 :(得分:1)
基本上问题是您的Shared Access Signature (SAS)缺少Expiry Date,即SAS过期的日期/时间。
当我运行你的代码时,我得到了同样的错误。但是当我通过Fiddler跟踪请求/响应时,这就是Storage Service发回的内容:
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:320035be-801e-0040-6e5e-c30407000000
Time:2018-03-24T10:57:38.7791868Z
</Message>
<AuthenticationErrorDetail>
Signed expiry must be specified in signature or SAS identifier
</AuthenticationErrorDetail>
</Error>
您需要做的是添加到期日期/时间。您可以添加到共享访问策略,也可以在创建SAS时指定此策略(但不能在两个地方都指定)。
请使用以下代码创建SAS:
var policy = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15)
};
var sas = container.GetSharedAccessSignature(policy, "writepolicy");