我正在尝试使用下面的python函数来验证对azure存储api的get请求,但是出现以下错误:
<Response [403]>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
我要发出的请求的网址是:
'https:// {帐户名称} .dfs.core.windows.net / {文件系统}?directory = {directory}&recursive = False&resource =文件系统'
REST api的文档: https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/path/list
有关如何使用帐户密钥进行身份验证的文档: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
def get_shared_access_authorization(self, directory):
directory = directory
file_system_name = self.fileSystem
storage_account_name = self.storageAccountName
storage_account_key = self.accountKey
request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
string_params = {
'verb': 'GET',
'Content-Encoding': '',
'Content-Language': '',
'Content-Length': '',
'Content-MD5': '',
'Content-Type': '',
'Date': '',
'If-Modified-Since': '',
'If-Match': '',
'If-None-Match': '',
'If-Unmodified-Since': '',
'Range': '',
'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name + '\ndirectory:'+directory+'\nrecursive:false\nresource:filesystem'
}
string_to_sign = (string_params['verb'] + '\n'
+ string_params['Content-Encoding'] + '\n'
+ string_params['Content-Language'] + '\n'
+ string_params['Content-Length'] + '\n'
+ string_params['Content-MD5'] + '\n'
+ string_params['Content-Type'] + '\n'
+ string_params['Date'] + '\n'
+ string_params['If-Modified-Since'] + '\n'
+ string_params['If-Match'] + '\n'
+ string_params['If-None-Match'] + '\n'
+ string_params['If-Unmodified-Since'] + '\n'
+ string_params['Range'] + '\n'
+ string_params['CanonicalizedHeaders']
+ string_params['CanonicalizedResource'])
signed_string = base64.b64encode(
hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
digestmod=hashlib.sha256).digest()).decode()
headers = {
'x-ms-date': request_time,
'x-ms-version': '2018-11-09',
'Authorization': ('SharedKeyLite ' + storage_account_name + ':' + signed_string)
}
return headers
我检查了所有输入(目录,文件系统名称,存储帐户名称和帐户密钥)是否正确。任何帮助将不胜感激。
更新:我已经尝试在auth标头中同时使用'SharedKey'和'SharedKeyLite'。
更新2:通过将“ false”更改为“ False”解决了该问题。我已经概括了工作功能并将其包括在下面。
def get_shared_access_authorization(self, directory, file_system_name, storage_account_name, storage_account_key):
request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
string_params = {
'verb': 'GET',
'Content-Encoding': '',
'Content-Language': '',
'Content-Length': '',
'Content-MD5': '',
'Content-Type': '',
'Date': '',
'If-Modified-Since': '',
'If-Match': '',
'If-None-Match': '',
'If-Unmodified-Since': '',
'Range': '',
'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name + '\ndirectory:'+directory+'\nrecursive:False\nresource:filesystem'
}
string_to_sign = (string_params['verb'] + '\n'
+ string_params['Content-Encoding'] + '\n'
+ string_params['Content-Language'] + '\n'
+ string_params['Content-Length'] + '\n'
+ string_params['Content-MD5'] + '\n'
+ string_params['Content-Type'] + '\n'
+ string_params['Date'] + '\n'
+ string_params['If-Modified-Since'] + '\n'
+ string_params['If-Match'] + '\n'
+ string_params['If-None-Match'] + '\n'
+ string_params['If-Unmodified-Since'] + '\n'
+ string_params['Range'] + '\n'
+ string_params['CanonicalizedHeaders']
+ string_params['CanonicalizedResource'])
signed_string = base64.b64encode(
hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
digestmod=hashlib.sha256).digest()).decode()
headers = {
'x-ms-date': request_time,
'x-ms-version': '2018-11-09',
'Authorization': ('SharedKey ' + storage_account_name + ':' + signed_string)
}
return headers
答案 0 :(得分:0)
请尝试将SharedKeyLite
更改为SharedKey
授权。实质上更改以下代码行:
'Authorization': ('SharedKeyLite ' + storage_account_name + ':' + signed_string)
到
'Authorization': ('SharedKey ' + storage_account_name + ':' + signed_string)