使用Asp.net MVC在AWS存储桶中上传文件时如何防止错误``访问被拒绝''

时间:2019-03-13 13:07:00

标签: asp.net-mvc amazon-web-services amazon-s3

我试图在asp.net mvc中的s3存储桶中上传文件, 我收到权限错误。请让我知道我在哪里做错了。我还添加了IAM s3政策, 我的存储桶政策如下

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddCannedAcl",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::10250405040:user/someone"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::something/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "public-read"
                }
            }
        }
    ]
}

我的IAM政策

 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

这是我的代码 以下变量在全局控制器类中声明。 并将其发送到下面的上传方法中的AmazonS3Client方法

private static readonly string _awsAccessKey = "something";
private static readonly string _awsSecretKey = "something";
private static readonly string _bucketName = "something";
[HttpPost]
public ContentResult UploadImgsAndInsertIncident()
    {
        try
        {
            foreach (string file in Request.Files)
            {
                var uploadedFile = Request.Files[file];
                if (uploadedFile != null)
                {
                    AmazonS3Config S3Config = new AmazonS3Config
                    {
                        //its default region set by amazon
                        SignatureVersion = "4",
                        RegionEndpoint = RegionEndpoint.USEast1,
                        SignatureMethod = SigningAlgorithm.HmacSHA256
                    };

                    AmazonS3Client client;
                    using (client = new Amazon.S3.AmazonS3Client(_awsAccessKey, _awsSecretKey, S3Config))
                    {

                        var request = new PutObjectRequest()
                        {
                            BucketName = _bucketName,
                            CannedACL = S3CannedACL.PublicRead,//PERMISSION TO FILE PUBLIC ACCESIBLE
                            Key = string.Format("UPLOADS/{0}", uploadedFile.FileName),
                            InputStream = uploadedFile.InputStream//SEND THE FILE STREAM
                        };

                        var response = client.PutObject(request);
                        if (Convert.ToString(response.HttpStatusCode) == "OK")
                        {
                            //do what you want..
                        }
                    }
                }
            }

        }

        catch (Exception)
        {

        }
        return Content("Success");
    }

在此行

var response = client.PutObject(request);

获取异常,即“访问被拒绝”。 那么可能是什么问题,而我又缺少什么?

1 个答案:

答案 0 :(得分:0)

我们将必须编辑公共访问设置,然后需要将帐户和存储桶的前两个选项设置为false,将后两个选项设置为true。 例如:

Manage public access control lists (ACLs):
        Block new public ACLs and uploading public objects (Recommended)
                False
        Remove public access granted through public ACLs (Recommended)
                False

Manage public bucket policies:
        Block new public bucket policies (Recommended)
                True
        Block public and cross-account access if bucket has public policies (Recommended)
                True
相关问题
最新问题