Question

我在生成SAS令牌以下载Azure存储文件时遇到一些问题。以下内容将产生无法使用的URI。我收到的错误消息是Signature did not match，但我不确定为什么。

有人有没有生成SAS令牌并获得签名以进行手动匹配？

    static void Main(string[] args)
    {
        var sas = generateSAS
        (
            key,            // Azure portal very secret ^-^
            keyName,        // Azure portal, example: key1
            resourceUri,    // example: https://myaccount.blob.core.windows.net/emails/email.pdf
            resourcePath    // example: /blob/myaccount/emails/email.pdf
        );
    }

    private static string generateSAS(string key, string keyName, string uri, string path)
    {
        var permissions = "r";
        var startTime = DateTime.UtcNow;
        var endTime = DateTime.UtcNow.AddSeconds(60 * 2);
        var canonicalizedresource = path;
        var signedidentifier = keyName;
        var signedversion = "2012-02-12";

        var stringToSign = permissions + "\n" +
                           startTime.ToUniversalTime().ToString("u").Replace(" ", "T") + "\n" +
                           endTime.ToUniversalTime().ToString("u").Replace(" ", "T") + "\n" +
                           canonicalizedresource + "\n" +
                           signedidentifier + "\n" +
                           signedversion;

        HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));

        var signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));

        return string.Format(CultureInfo.InvariantCulture, "{0}?sp={1}&st={2}&se={3}&spr={4}&sv={5}&sr={6}&si={7}&sig={8}",
            uri,
            permissions,
            startTime.ToUniversalTime().ToString("u").Replace(" ", "T"),
            endTime.ToUniversalTime().ToString("u").Replace(" ", "T"),
            "https",
            signedversion,
            "b",
            keyName,
            HttpUtility.UrlEncode(signature));
    }

Answer 1

请尝试以下代码，它会为我生成一个有效的sas令牌：

private static string generateSAS(string resourceUri, string account_name, string key)
{
    var accountName = account_name;
    var accountKey = key;
    var start = DateTime.UtcNow.AddHours(-2).ToString("yyyy-MM-ddTHH:mm:ssZ");
    var end = DateTime.UtcNow.AddHours(2).ToString("yyyy-MM-ddTHH:mm:ssZ");
    var permission = "rwdlac";
    var serviceType = "b";
    var resourceTypes = "sco";
    var protocol = "https";
    var serviceVersion = "2019-02-02";

    //here is the difference from your code.
    var stringToSign = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n",accountName, permission,serviceType,resourceTypes,start,end,"",protocol,serviceVersion);

    HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(accountKey));
    string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
    var sasToken = string.Format("?sv={0}&ss={1}&srt={2}&sp={3}&se={4}&st={5}&spr={6}&sig={7}", serviceVersion,
        serviceType, resourceTypes, permission, end, start, protocol, HttpUtility.UrlEncode(signature));

    var urlToListTables = resourceUri + sasToken;

    return urlToListTables;
}

Answer 2

以下代码行很可能是问题所在：

HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));

请更改为：

HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(key));

Azure存储SAS签名不匹配，如何生成SAS令牌？

2 个答案: