Azure 如何使用SharedAccessSignature访问Blob
我正在尝试访问存储在Windows Azure中的私有容器中的blob。容器具有共享访问签名,但当我尝试 要访问blob,我得到一个StorgeClientException“服务器无法验证请求。请确保已形成授权标头 正确地包括签名” 创建容器并上载blob的代码如下所示:Azure 如何使用SharedAccessSignature访问Blob,azure,azure-storage-blobs,blobstorage,Azure,Azure Storage Blobs,Blobstorage,我正在尝试访问存储在Windows Azure中的私有容器中的blob。容器具有共享访问签名,但当我尝试 要访问blob,我得到一个StorgeClientException“服务器无法验证请求。请确保已形成授权标头 正确地包括签名” 创建容器并上载blob的代码如下所示: // create the container, set a Shared Access Signature, and share it // first this to do is to create the conn
// create the container, set a Shared Access Signature, and share it
// first this to do is to create the connnection to the storage account
// this should be in app.config but as this isa test it will just be implemented
// here:
// add a reference to Microsoft.WindowsAzure.StorageClient
// and Microsoft.WindowsAzure.StorageClient set up the objects
//storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
storageAccount = CloudStorageAccount.Parse(ConfigurationManager.AppSettings["ConnectionString"]);
blobClient = storageAccount.CreateCloudBlobClient();
// get a reference tot he container for the shared access signature
container = blobClient.GetContainerReference("blobcontainer");
container.CreateIfNotExist();
// now create the permissions policy to use and a public access setting
var permissions = container.GetPermissions();
permissions.SharedAccessPolicies.Remove("accesspolicy");
permissions.SharedAccessPolicies.Add("accesspolicy", new SharedAccessPolicy
{
// this policy is live immediately
// if the policy should be delatyed then use:
//SharedAccessStartTime = DateTime.Now.Add(T); where T is some timespan
SharedAccessExpiryTime =
DateTime.UtcNow.AddYears(2),
Permissions =
SharedAccessPermissions.Read | SharedAccessPermissions.Write
});
// turn off public access
permissions.PublicAccess = BlobContainerPublicAccessType.Off;
// set the permission on the ocntianer
container.SetPermissions(permissions);
var sas = container.GetSharedAccessSignature(new SharedAccessPolicy(), "accesspolicy");
StorageCredentialsSharedAccessSignature credentials = new StorageCredentialsSharedAccessSignature(sas);
CloudBlobClient client = new CloudBlobClient(storageAccount.BlobEndpoint,
new StorageCredentialsSharedAccessSignature(sas));
CloudBlob sasblob = client.GetBlobReference("blobcontainer/someblob.txt");
sasblob.UploadText("I want to read this text via a rest call");
// write the SAS to file so I can use it later in other apps
using (var writer = new StreamWriter(@"C:\policy.txt"))
{
writer.WriteLine(container.GetSharedAccessSignature(new SharedAccessPolicy(), "securedblobpolicy"));
}
// the storace credentials shared access signature is copied directly from the text file "c:\policy.txt"
CloudBlobClient client = new CloudBlobClient("https://my.azurestorage.windows.net/", new StorageCredentialsSharedAccessSignature("?sr=c&si=accesspolicy&sig=0PMoXpht2TF1Jr0uYPfUQnLaPMiXrqegmjYzeg69%2FCI%3D"));
CloudBlob blob = client.GetBlobReference("blobcontainer/someblob.txt");
Console.WriteLine(blob.DownloadText());
Console.ReadLine();
我一直试图使用的代码读取blob如下所示:
// create the container, set a Shared Access Signature, and share it
// first this to do is to create the connnection to the storage account
// this should be in app.config but as this isa test it will just be implemented
// here:
// add a reference to Microsoft.WindowsAzure.StorageClient
// and Microsoft.WindowsAzure.StorageClient set up the objects
//storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
storageAccount = CloudStorageAccount.Parse(ConfigurationManager.AppSettings["ConnectionString"]);
blobClient = storageAccount.CreateCloudBlobClient();
// get a reference tot he container for the shared access signature
container = blobClient.GetContainerReference("blobcontainer");
container.CreateIfNotExist();
// now create the permissions policy to use and a public access setting
var permissions = container.GetPermissions();
permissions.SharedAccessPolicies.Remove("accesspolicy");
permissions.SharedAccessPolicies.Add("accesspolicy", new SharedAccessPolicy
{
// this policy is live immediately
// if the policy should be delatyed then use:
//SharedAccessStartTime = DateTime.Now.Add(T); where T is some timespan
SharedAccessExpiryTime =
DateTime.UtcNow.AddYears(2),
Permissions =
SharedAccessPermissions.Read | SharedAccessPermissions.Write
});
// turn off public access
permissions.PublicAccess = BlobContainerPublicAccessType.Off;
// set the permission on the ocntianer
container.SetPermissions(permissions);
var sas = container.GetSharedAccessSignature(new SharedAccessPolicy(), "accesspolicy");
StorageCredentialsSharedAccessSignature credentials = new StorageCredentialsSharedAccessSignature(sas);
CloudBlobClient client = new CloudBlobClient(storageAccount.BlobEndpoint,
new StorageCredentialsSharedAccessSignature(sas));
CloudBlob sasblob = client.GetBlobReference("blobcontainer/someblob.txt");
sasblob.UploadText("I want to read this text via a rest call");
// write the SAS to file so I can use it later in other apps
using (var writer = new StreamWriter(@"C:\policy.txt"))
{
writer.WriteLine(container.GetSharedAccessSignature(new SharedAccessPolicy(), "securedblobpolicy"));
}
// the storace credentials shared access signature is copied directly from the text file "c:\policy.txt"
CloudBlobClient client = new CloudBlobClient("https://my.azurestorage.windows.net/", new StorageCredentialsSharedAccessSignature("?sr=c&si=accesspolicy&sig=0PMoXpht2TF1Jr0uYPfUQnLaPMiXrqegmjYzeg69%2FCI%3D"));
CloudBlob blob = client.GetBlobReference("blobcontainer/someblob.txt");
Console.WriteLine(blob.DownloadText());
Console.ReadLine();
我可以通过添加帐户凭据来实现上述功能,但这正是我试图避免的。我不想要什么
就像我的帐户凭据一样敏感,我不知道如何在没有帐户凭据的情况下将签名输入客户端应用程序
非常感谢您的帮助。我的.azurestorage.windows.net只是一个打字错误吗?我希望那里会有这样的东西“https://account.blob.core.windows.net“
否则,代码看起来与中的代码非常相似,这很有效。为什么
writer.WriteLine(container.GetSharedAccessSignature(new SharedAccessPolicy(), "securedblobpolicy"));
并且没有写入您已经创建的sas
字符串
已经很晚了,我可能很容易遗漏了一些东西,但看起来您可能没有保存最初用于编写文件的访问签名
这里可能也不相关,但我相信您可以拥有的集装箱范围的保单数量是有限制的。您是否使用此代码将多个文件上载到同一容器中,并每次创建一个新容器
一般来说,我认为最好在您需要的时候为单个blob请求sas,并且有效期较短。my.azurestorage.windows.net存在,因为不需要公开帐户信息。该代码可能看起来与您引用的博客中的代码非常相似,并且在一定程度上确实有效,但它不允许使用共享访问签名匿名访问blob。这就是问题所在!但可以肯定的是,您的实际值以
.blob.core.windows.net
结尾,对吗?(前缀是存储帐户的名称?)实际应用程序中的值是容器的地址。我现在还没有打开我的代码,但是里面的内容是准确的,因为我可以在提供帐户凭据时访问容器和blob。我仍然不确定为什么命名策略没有返回正确的值,但它现在正在工作。感谢您的输入。container.GetSharedAccessSignature(new-SharedAccessPolicy(),“securedblobpolicy”))正在从容器返回sas字符串(或者至少我认为它是这样做的,我可能是错的。)天哪,这太痛苦了。显然,当我使用GetSharedAccessSignature方法时,并没有检索到相同的密钥。谢谢你指出那个标记。现在我只需要面对感觉自己像个傻瓜:)很高兴能帮上忙——不要难过——我们都这么做了!