如何使用python中的存储帐户密钥对azure存储api请求进行身份验证?

时间:2020-07-20 15:23:00

标签: python azure authentication request

我正在尝试使用下面的python函数来验证对azure存储api的get请求,但是出现以下错误:

<Response [403]>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

我要发出的请求的网址是:

'https:// {帐户名称} .dfs.core.windows.net / {文件系统}?directory = {directory}&recursive = False&resource =文件系统'

REST api的文档: https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/path/list

有关如何使用帐户密钥进行身份验证的文档: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key 

def get_shared_access_authorization(self, directory):
        directory = directory
        file_system_name = self.fileSystem
        storage_account_name = self.storageAccountName
        storage_account_key = self.accountKey
        request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

        string_params = {
            'verb': 'GET',
            'Content-Encoding': '',
            'Content-Language': '',
            'Content-Length': '',
            'Content-MD5': '',
            'Content-Type': '',
            'Date': '',
            'If-Modified-Since': '',
            'If-Match': '',
            'If-None-Match': '',
            'If-Unmodified-Since': '',
            'Range': '',
            'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
            'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name  + '\ndirectory:'+directory+'\nrecursive:false\nresource:filesystem'
        }

        string_to_sign = (string_params['verb'] + '\n'
                          + string_params['Content-Encoding'] + '\n'
                          + string_params['Content-Language'] + '\n'
                          + string_params['Content-Length'] + '\n'
                          + string_params['Content-MD5'] + '\n'
                          + string_params['Content-Type'] + '\n'
                          + string_params['Date'] + '\n'
                          + string_params['If-Modified-Since'] + '\n'
                          + string_params['If-Match'] + '\n'
                          + string_params['If-None-Match'] + '\n'
                          + string_params['If-Unmodified-Since'] + '\n'
                          + string_params['Range'] + '\n'
                          + string_params['CanonicalizedHeaders']
                          + string_params['CanonicalizedResource'])

        signed_string = base64.b64encode(
            hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
                     digestmod=hashlib.sha256).digest()).decode()

        headers = {
            'x-ms-date': request_time,
            'x-ms-version': '2018-11-09',
            'Authorization': ('SharedKeyLite ' + storage_account_name + ':' + signed_string)
        }

        return headers

我检查了所有输入(目录,文件系统名称,存储帐户名称和帐户密钥)是否正确。任何帮助将不胜感激。

更新:我已经尝试在auth标头中同时使用'SharedKey'和'SharedKeyLite'。

更新2:通过将“ false”更改为“ False”解决了该问题。我已经概括了工作功能并将其包括在下面。

def get_shared_access_authorization(self, directory, file_system_name, storage_account_name, storage_account_key):

        request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

        string_params = {
            'verb': 'GET',
            'Content-Encoding': '',
            'Content-Language': '',
            'Content-Length': '',
            'Content-MD5': '',
            'Content-Type': '',
            'Date': '',
            'If-Modified-Since': '',
            'If-Match': '',
            'If-None-Match': '',
            'If-Unmodified-Since': '',
            'Range': '',
            'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
            'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name  + '\ndirectory:'+directory+'\nrecursive:False\nresource:filesystem'
        }

        string_to_sign = (string_params['verb'] + '\n'
                          + string_params['Content-Encoding'] + '\n'
                          + string_params['Content-Language'] + '\n'
                          + string_params['Content-Length'] + '\n'
                          + string_params['Content-MD5'] + '\n'
                          + string_params['Content-Type'] + '\n'
                          + string_params['Date'] + '\n'
                          + string_params['If-Modified-Since'] + '\n'
                          + string_params['If-Match'] + '\n'
                          + string_params['If-None-Match'] + '\n'
                          + string_params['If-Unmodified-Since'] + '\n'
                          + string_params['Range'] + '\n'
                          + string_params['CanonicalizedHeaders']
                          + string_params['CanonicalizedResource'])

        signed_string = base64.b64encode(
            hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
                     digestmod=hashlib.sha256).digest()).decode()

        headers = {
            'x-ms-date': request_time,
            'x-ms-version': '2018-11-09',
            'Authorization': ('SharedKey ' + storage_account_name + ':' + signed_string)
        }

        return headers

1 个答案:

答案 0 :(得分:0)

请尝试将SharedKeyLite更改为SharedKey授权。实质上更改以下代码行:

'Authorization': ('SharedKeyLite ' + storage_account_name + ':' + signed_string)


'Authorization': ('SharedKey ' + storage_account_name + ':' + signed_string)
相关问题
最新问题