Asp.net mvc 如何防止错误的发生';访问被拒绝';使用Asp.net mvc在AWS bucket中上载文件时
我尝试在asp.net mvc的s3 bucket中上传文件, 我得到一个权限错误。请让我知道我哪里做错了。我还添加了IAM s3策略, 我的桶政策如下Asp.net mvc 如何防止错误的发生';访问被拒绝';使用Asp.net mvc在AWS bucket中上载文件时,asp.net-mvc,amazon-web-services,amazon-s3,Asp.net Mvc,Amazon Web Services,Amazon S3,我尝试在asp.net mvc的s3 bucket中上传文件, 我得到一个权限错误。请让我知道我哪里做错了。我还添加了IAM s3策略, 我的桶政策如下 { "Version": "2012-10-17", "Statement": [ { "Sid": "AddCannedAcl", "Effect": "Allow", "Principal": { "AWS
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddCannedAcl",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::10250405040:user/someone"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::something/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "public-read"
}
}
}
]
}
我的IAM政策
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:PutObject",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
这是我的密码
以下变量在控制器类中全局声明。
并将其发送到下面的上传方法中的AmazonS3Client方法
private static readonly string _awsAccessKey = "something";
private static readonly string _awsSecretKey = "something";
private static readonly string _bucketName = "something";
[HttpPost]
public ContentResult UploadImgsAndInsertIncident()
{
try
{
foreach (string file in Request.Files)
{
var uploadedFile = Request.Files[file];
if (uploadedFile != null)
{
AmazonS3Config S3Config = new AmazonS3Config
{
//its default region set by amazon
SignatureVersion = "4",
RegionEndpoint = RegionEndpoint.USEast1,
SignatureMethod = SigningAlgorithm.HmacSHA256
};
AmazonS3Client client;
using (client = new Amazon.S3.AmazonS3Client(_awsAccessKey, _awsSecretKey, S3Config))
{
var request = new PutObjectRequest()
{
BucketName = _bucketName,
CannedACL = S3CannedACL.PublicRead,//PERMISSION TO FILE PUBLIC ACCESIBLE
Key = string.Format("UPLOADS/{0}", uploadedFile.FileName),
InputStream = uploadedFile.InputStream//SEND THE FILE STREAM
};
var response = client.PutObject(request);
if (Convert.ToString(response.HttpStatusCode) == "OK")
{
//do what you want..
}
}
}
}
}
catch (Exception)
{
}
return Content("Success");
}
在这条线上
var response = client.PutObject(request);
获取异常,即“访问被拒绝”。
那么问题出在哪里?我缺少什么?我们必须编辑公共访问设置,然后需要为您的帐户和存储桶将前两个选项设置为false,最后两个选项设置为true。 例如:
“bucketName”是您真正的bucket名称,还是这只是一个示例?:)这只是一个示例,您的bucket策略指定了IAM用户。您是以IAM用户身份运行代码还是使用IAM角色运行代码?你能发布你的IAM策略吗?是的,我用IAM用户运行代码。我添加了我的IAM策略
Manage public access control lists (ACLs):
Block new public ACLs and uploading public objects (Recommended)
False
Remove public access granted through public ACLs (Recommended)
False
Manage public bucket policies:
Block new public bucket policies (Recommended)
True
Block public and cross-account access if bucket has public policies (Recommended)
True