使用访问密钥的REST Api至Azure Blob存储

时间:2019-06-26 13:56:26

标签: azure azure-storage azure-storage-blobs

我们正尝试在不使用Azure SDK的情况下从天蓝色blob存储访问blob,

我们正尝试通过Azure REST API通过共享密钥进行访问,为此,我们需要生成Authorization标头,但是当我尝试根据访问密钥创建签名时,出现以下错误

“服务器无法验证请求。请确保正确构成Authorization标头的值,包括签名。”

“在HTTP请求“密钥哈希”中找到的MAC签名与任何计算出的签名都不相同”

需要帮助来生成正确的授权标头,我们已经遵循了文档

https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

https://docs.microsoft.com/en-gb/rest/api/storageservices/authorization-for-the-azure-storage-services?redirectedfrom=MSDN

我们也在邮递员中尝试过,并且遇到相同的错误。

     string signWithAccountKey(string stringToSign, string accountKey)
     {
            var hmacsha = new System.Security.Cryptography.HMACSHA256();
            hmacsha.Key = Convert.FromBase64String(accountKey);
            var signature = hmacsha.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
            return Convert.ToBase64String(signature);
     }

在HTTP请求“密钥哈希”中找到的MAC签名与任何计算出的签名都不相同

1 个答案:

答案 0 :(得分:0)

我为List Blobs api编写了以下代码。您可以关注/修改我的代码,并尝试使用其他Blob API。

class Program
{

  static void Main(string[] args)
   {
     ListBlobs();

      Console.WriteLine("done");
      Console.ReadLine();    
   }  


static void ListBlobs()
{
    string Account = "xxxx";
    string Key = "xxxx";
    string Container = "aa1";
    string apiversion = "2018-03-28";

    DateTime dt = DateTime.UtcNow;
    string StringToSign = String.Format("GET\n"
        + "\n" // content encoding
        + "\n" // content language
        + "\n" // content length
        + "\n" // content md5
        + "\n" // content type
        + "\n" // date
        + "\n" // if modified since
        + "\n" // if match
        + "\n" // if none match
        + "\n" // if unmodified since
        + "\n" // range
        + "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:"+apiversion+"\n" // headers
        + "/{0}/{1}\ncomp:list\nrestype:container", Account, Container);

    string auth = SignThis(StringToSign, Key, Account);

    Console.WriteLine($"the date is: {dt.ToString("R")}");
    Console.WriteLine($"the auth token is: {auth}");
    Console.WriteLine("*********");
    string method = "GET";
    string urlPath = string.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list", Account, Container);
    Uri uri = new Uri(urlPath);
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    request.Method = method;
    request.Headers.Add("x-ms-date", dt.ToString("R"));
    request.Headers.Add("x-ms-version", apiversion);
    request.Headers.Add("Authorization", auth);

    Console.WriteLine("***list all the blobs in the specified container, in xml format***");
    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    {

        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            Console.WriteLine(reader.ReadToEnd());
        }
    }
}


private static String SignThis(String StringToSign, string Key, string Account)
        {
            String signature = string.Empty;
            byte[] unicodeKey = Convert.FromBase64String(Key);
            using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
            }

            String authorizationHeader = String.Format(
                  CultureInfo.InvariantCulture,
                  "{0} {1}:{2}",
                  "SharedKey",
                  Account,
                  signature);

            return authorizationHeader;
        }


   }

在Visual Studio和邮递员中的测试结果:

enter image description here

相关问题
最新问题