我想将 SAS uri 提供给其他应用程序,以允许它们将文件发送到 blob 容器。但是,尝试上传文件时代码失败,给我一个异常,指出:
服务器无法对请求进行身份验证。确保授权标头的值格式正确,包括签名。
我正在使用aspnetcore和WindowsAzure.Storage版本9.1.0。
var acc = CloudStorageAccount.Parse("mysecrets");
CloudBlobClient client = acc.CreateCloudBlobClient();
var container = client.GetContainerReference("myblobcontainer");
await container.CreateIfNotExistsAsync();
var permissions = container.GetPermissionsAsync().Result;
permissions.SharedAccessPolicies.Add("writepolicy",
new SharedAccessBlobPolicy
{
Permissions =
SharedAccessBlobPermissions.Add |
SharedAccessBlobPermissions.Create |
SharedAccessBlobPermissions.List |
SharedAccessBlobPermissions.Write,
});
await container.SetPermissionsAsync(permissions);
var sas = container.GetSharedAccessSignature(null, "writepolicy");
var accessUri = container.Uri.ToString() + sas;
var cloudBlobContainer = new CloudBlobContainer(new Uri(accessUri));
var blob = cloudBlobContainer.GetBlockBlobReference("myfile.txt");
await blob.UploadFromFileAsync("foo.txt");
我也尝试像这样创建 cloudBlobContainer:
var cloudBlobContainer =
new CloudBlobContainer(container.Uri, new StorageCredentials(sas));
本质上,问题是您的Shared Access Signature (SAS)丢失Expiry Date即 SAS 到期的日期/时间。
当我运行您的代码时,我遇到了同样的错误。但是当我通过 Fiddler 跟踪请求/响应时,这就是存储服务发回的内容:
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:320035be-801e-0040-6e5e-c30407000000
Time:2018-03-24T10:57:38.7791868Z
</Message>
<AuthenticationErrorDetail>
Signed expiry must be specified in signature or SAS identifier
</AuthenticationErrorDetail>
</Error>
您需要做的是添加到期日期/时间。可以添加到共享访问策略,也可以在创建 SAS 时指定此策略(但不能同时在两个位置指定(。
请使用以下代码创建 SAS:
var policy = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15)
};
var sas = container.GetSharedAccessSignature(policy, "writepolicy");