Azure 如何找到共享访问令牌已过期的bloburl?
我写了下面的代码来获取带有缓存过期令牌的blob url,实际上设置了2小时使blob url过期Azure 如何找到共享访问令牌已过期的bloburl?,azure,azure-storage-blobs,Azure,Azure Storage Blobs,我写了下面的代码来获取带有缓存过期令牌的blob url,实际上设置了2小时使blob url过期 CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString")); CloudBlobClient blobClient = storageAccount.Crea
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
CloudBlockBlob blockBlob = container.GetBlockBlobReference("blobname");
//Create an ad-hoc Shared Access Policy with read permissions which will expire in 2 hours
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
{
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(2),
};
SharedAccessBlobHeaders headers = new SharedAccessBlobHeaders()
{
ContentDisposition = string.Format("attachment;filename=\"{0}\"", "blobname"),
};
var sasToken = blockBlob.GetSharedAccessSignature(policy, headers);
blobUrl = blockBlob.Uri.AbsoluteUri + sasToken;
使用上面的代码,我得到了带有有效到期令牌的BlobURL,现在我想在一个客户端应用程序中检查BlobURL是否有效。
我通过传递URL并获取响应状态代码,尝试了web请求和http客户端方法。如果响应代码是404,那么我假设URL已过期,如果不是,则URL仍然有效,但这种方法需要更多的时间
请给我其他建议。几天前我也遇到过同样的问题。当SAS令牌过期但存储服务返回404错误时,我实际上希望存储服务返回403错误代码 鉴于我们没有任何其他选择,您这样做是唯一可行的方法,但仍然不正确,因为如果存储帐户中不存在blob,您可能会出现404错误。也许您可以从生成的SAS解析“se”参数,这意味着到期时间,例如“se=2013-04-30T02%3A23%3A26Z”。但是,由于服务器时间可能与客户端时间不同,因此解决方案可能不稳定
我尝试运行与您的代码非常相似的代码,但出现了403错误,这正是本例中所期望的。根据你的问题,我不确定403是否比404对你更有帮助。下面是在控制台应用程序中运行的代码,该应用程序返回403:
class Program
{
static void Main(string[] args)
{
string blobUrl = CreateSAS();
CheckSAS(blobUrl);
Console.ReadLine();
}
//This method returns a reference to the blob with the SAS, and attempts to read it.
static void CheckSAS(string blobUrl)
{
CloudBlockBlob blob = new CloudBlockBlob(new Uri(blobUrl));
//If the DownloadText() method is run within the two minute period that the SAS is valid, it succeeds.
//If it is run after the SAS has expired, it returns a 403 error.
//Sleep for 3 minutes to trigger the error.
System.Threading.Thread.Sleep(180000);
Console.WriteLine(blob.DownloadText());
}
//This method creates the SAS on the blob.
static string CreateSAS()
{
string containerName = "forum-test";
string blobName = "blobname";
string blobUrl = "";
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
container.CreateIfNotExists();
CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName + DateTime.Now.Ticks);
blockBlob.UploadText("Blob for forum test");
//Create an ad-hoc Shared Access Policy with read permissions which will expire in 2 hours
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
{
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(2),
};
SharedAccessBlobHeaders headers = new SharedAccessBlobHeaders()
{
ContentDisposition = string.Format("attachment;filename=\"{0}\"", blobName),
};
var sasToken = blockBlob.GetSharedAccessSignature(policy, headers);
blobUrl = blockBlob.Uri.AbsoluteUri + sasToken;
return blobUrl;
}
}
在某些情况下,SAS故障确实会返回404,这可能会为使用SAS进行故障排除操作带来问题。Azure存储团队已意识到此问题,在未来的版本中,SAS故障可能会返回403。有关404错误的疑难解答,请参阅 您将UTC时间用于
SharedAccessExpiryTime
(请参阅中的“到期时间”)
然后在令牌中的se
声明下注册到期时间,在实际使用令牌之前,可以在客户端根据当前UTC时间检查其值。通过这种方式,您可以避免对Blob存储进行额外调用,而只是为了查明令牌是否过期