我正在使用Azure存储,但是无法创建适当的SAS令牌传递给前端javascript。经过多个教程和示例,我似乎无法获得JS的有效令牌。
我正在此处的教程中验证我的令牌,以免我自己的JavaScript妨碍我:https://dmrelease.blob.core.windows.net/azurestoragejssample/samples/sample-blob.html
我已经花了数小时来尝试不同的解决方案,但是生成的令牌看起来与azure生成的令牌非常相似。我想念什么?
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
//Set the expiry time and permissions for the container.
//In this case no start time is specified, so the shared access signature becomes valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(24);
sasConstraints.Permissions = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Write;
//Generate the shared access signature on the container, setting the constraints directly on the signature.
string sasContainerToken = container.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
return sasContainerToken;
答案 0 :(得分:1)
关于此问题,您是否尝试过使用JS创建SAS令牌。
var azure = require('azure-storage');
var fs = require('fs');
var SasConstants = azure.Constants.AccountSasConstants;
var blobService = azure.createBlobService();
var containerName = 'containername';
var blobName = 'blobname';
var startDate = new Date('');
var expiryDate = new Date(startDate);
expiryDate.setDate(startDate.getDate() + 1);
var sharedAccessPolicy = {
AccessPolicy: {
Permissions: azure.BlobUtilities.SharedAccessPermissions.READ + azure.BlobUtilities.SharedAccessPermissions.ADD + azure.BlobUtilities.SharedAccessPermissions.CREATE+ azure.BlobUtilities.SharedAccessPermissions.WRITE,
Start: startDate,
Expiry: expiryDate
},
};
var token = blobService.generateSharedAccessSignature(containerName, null, sharedAccessPolicy);
答案 1 :(得分:1)
根据我的测试,该代码可以生成SAS令牌。如果要列出容器中的Blob,则需要将&comp=list&restype=container添加到SAS URL。然后它应该起作用。
Get https://xxxxx.blob.core.windows.net/test?sv=2018-03-28&sr=c&sig=xxxxxxxxx&sp=rwl&comp=list&restype=container
Azure Storage Service无法识别您尝试访问的资源是Blob还是容器,并假定它是Blob。由于它假定资源类型为blob,因此它将$ root blob容器用于SAS计算(您可以从错误消息中看到)。由于SAS是针对标记斑点容器计算的,因此会出现此“签名不匹配”错误。通过指定restype = container,您可以告诉存储服务将资源视为容器。 REST API规范要求comp = list。
有关更多信息,请参阅其他SO thread。
答案 2 :(得分:0)
为存储帐户生成令牌。列出的教程中的权限由存储帐户策略授予。
public static string GenerateAccountSASToken(string connectionString)
{
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
SharedAccessAccountPolicy accountpolicy = new SharedAccessAccountPolicy();
accountpolicy.SharedAccessStartTime = DateTimeOffset.UtcNow.AddHours(-24);
accountpolicy.SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(24);
accountpolicy.Permissions = SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.List | SharedAccessAccountPermissions.ProcessMessages | SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Update | SharedAccessAccountPermissions.Write;
accountpolicy.Services = SharedAccessAccountServices.Blob;
accountpolicy.ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Service;
return storageAccount.GetSharedAccessSignature(accountpolicy);
}