PHP/Authentication的共享访问签名函数失败
同样,Azure SDK for PHP不支持共享访问签名。因此,我开发了自己的函数,使用miscrosoftazure文档()和PHPAzure-Codeplex项目和源代码()生成签名url 我想生成一个签名的url,它可以在web浏览器中直接调用,而不需要使用开发的软件客户端 我生成的签名url始终返回“AuthenticationFailed”,详细信息为“签名不匹配。签名不匹配。要签名的字符串为r 2013-11-03 2013-11-05/ntgstblog/netgemvno netgemvno_默认_策略” 这里是生成共享访问签名和签名url的源代码。你能帮我调试一下吗PHP/Authentication的共享访问签名函数失败,php,azure,azure-storage-blobs,Php,Azure,Azure Storage Blobs,同样,Azure SDK for PHP不支持共享访问签名。因此,我开发了自己的函数,使用miscrosoftazure文档()和PHPAzure-Codeplex项目和源代码()生成签名url 我想生成一个签名的url,它可以在web浏览器中直接调用,而不需要使用开发的软件客户端 我生成的签名url始终返回“AuthenticationFailed”,详细信息为“签名不匹配。签名不匹配。要签名的字符串为r 2013-11-03 2013-11-05/ntgstblog/netgemvno ne
$config = array(
'blob_account' => <mystroage_accountname>,
'blob_key' => <mystroage_accesskey>,
'blob_protocol' => 'http'
);
$_id = 'netgemvno_default_policy';
...
/* Define the policy of the container */
$_data = array(
'SignedIdentifier' => array (
'Id' => $_id,
'AccessPolicy' => array(
'Start' => date("Y-m-d", strtotime('-1 years')),
'Expiry' => date("Y-m-d", strtotime('+1 year')),
'Permission' => 'r'
)
)
);
$_containerAcl = ContainerAcl::create(PublicAccessType::NONE, $_data);
$rest->blob_service->setContainerAcl($oem, $_containerAcl);
...
/* get shared access url to my private blob */
$_start = date('Y-m-d', strtotime('-1 day'));
//$_start = '';
$_expiry = date('Y-m-d', strtotime('+1 day'));
//$_expiry = '';
$_permission = 'r';
$_container = 'netgemvno';
$_blob = strtolower(
"netgemvno/backup/2013/10/29/20131029_ack.log"
);
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $_permission;
$_arraysign[] = $_start;
$_arraysign[] = $_expiry;
$_arraysign[] = '/' . $config['blob_account'] . '/' . $_container;
$_arraysign[] = $_id;
$_str2sign = implode("\n", $_arraysign);
$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
);
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($_start))?'st=' . urlencode($_start):'';
$_parts[] = (!empty($_expiry))?'se=' . urlencode($_expiry):'';
$_parts[] = (!empty($_permission))?'sp=' . $_permission:'';
$_parts[] = 'sr=' . 'c';
$_parts[] = (!empty($_id))?'si=' . urlencode($_id):'';
$_parts[] = 'sig=' . urlencode($_signature);
/* Create the signed blob URL */
$_url = $config['blob_protocol'] . '://'
. $config['blob_account'] . '.blob.core.windows.net/'
. $_blob . '?'
. implode('&', $_parts);
return $_url;
$config=array(
“blob_账户”=>,
“blob_键”=>,
“blob_协议”=>“http”
);
$\u id='netgemvno\u default\u policy';
...
/*定义容器的策略*/
$\u数据=数组(
“SignedIdentifier”=>数组(
'Id'=>$\u Id,
“AccessPolicy”=>数组(
“开始”=>日期(“Y-m-d”,标准时间(“-1年”),
“到期日”=>日期(“Y-m-d”,标准时间(“+1年”),
“权限”=>“r”
)
)
);
$\u containerAcl=containerAcl::create(publiccesstype::NONE,$\u data);
$rest->blob_服务->setContainerAcl($oem,$\u containerAcl);
...
/*获取我的私人blob的共享访问url*/
$_start=date('Y-m-d',strottime('-1天));
//$\开始='';
$\到期日=日期('Y-m-d',标准时间('+1天');
//$\到期日='';
$_权限='r';
$\容器='netgemvno';
$\u blob=strtolower(
“netgemvno/backup/2013/10/29/20131029_确认日志”
);
/*创建签名*/
$\u arraysign=array();
$\u arraysign[]=$\u权限;
$\u arraysign[]=$\u start;
$\u arraysign[]=$\u到期日;
$\u arraysign[]='/'$配置['blob_帐户']./'$_容器;
$\u arraysign[]=$\u id;
$\u str2sign=内爆(“\n”,$\u arraysign);
$\u签名=base64\u编码(
hash_hmac('sha256',$_str2sign,$config['blob_key',true)
);
/*创建签名查询部件*/
$_parts=array();
$\u parts[]=(!empty($\u start))?“st=”。urlencode($_开始):“”;
$\u parts[]=(!empty($\u expiration))?“se=”。urlencode($\到期日):“”;
$\u parts[]=(!empty($\u权限))?“sp=”$_许可:'';
$\u parts[]='sr='c′;
$\u parts[]=(!empty($\u id))?“si=”。urlencode($_id):“”;
$\u parts[]='sig='。urlencode($\ U签名);
/*创建已签名的blob URL*/
$\u url=$config['blob\u协议].:/'
. $配置['blob_帐户'].'。blob.core.windows.net/'
. $_一团.“?”
. 内爆('和',$_部分);
返回$\uURL;
- 生成签名时出现了什么问题
- 是否有任何信息丢失或无效
- 我需要使用我的存储密钥进行散列吗
AmSacgtnBFBvyqPHTNfpThcBCFWqzE3PIl09Pr1IQBGNjln1a8fZeUTs0+fehSmGt6ujf/7DQ51ef+DEXEZziA==$_signature = base64_encode(
hash_hmac('sha256', $_str2sign, $config['blob_key'], true)
);
我想为这篇文章提供一些额外的信息,以反映自这篇文章发表以来对访问容器/blob的Azure REST API所做的更改。根据计划,截至2014年9月,我不得不做更多的工作 以下是SAS生成代码,用于在PHP中将blob上载到专用容器:
private function testSASGeneration($container, $blob, $resourceType, $permissions, $start, $expiry){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = $start;
$_arraysign[] = $expiry;
$_arraysign[] = '/' . $this->blobServiceAccountName . '/' . $container;
$_arraysign[] = '';
$_arraysign[] = "2013-08-15"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = "file; attachment";
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = 'binary';
$_str2sign = implode("\n", $_arraysign);
//signature requires url decode and utf-8 encode, as illustrated in docs linked in this post.
$_signature = base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($this->blobServicePrimaryKey), true)
);
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($start))?'st=' . urlencode($start):'';
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = (!empty($permissions))?'rscd=' . urlencode("file; attachment"):'';
$_parts[] = (!empty($permissions))?'rsct=' . urlencode("binary"):'';
//$_parts[] = (!empty($_id))?'si=' . urlencode($_id):'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2013-08-15'; //addition of API version in query
/* Create the signed blob URL */
$_url = 'https://'
. $this->blobServiceAccountName . '.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
希望这能帮助那些被迫使用PHP与Azure进行通信的人,因为与C#对等API相比,该API严重不足。非常感谢。在解决新错误“访问策略字段可以与签名或SAS标识符关联,但不能同时与两者关联”后,它修复了该问题。正如错误消息所述,您不能在访问策略和共享访问签名中同时定义设置。例如,如果在访问策略中定义了开始日期,则在创建共享访问签名时不能定义该日期。请检查您的访问策略。在我的情况下,我删除了访问策略以仅与SAS一起工作。不确定您上次的评论是什么意思。您能解释一下吗?通过删除为容器定义的“访问策略”对象,我修复了错误“访问策略字段可以与签名或SAS标识符关联,但不能同时与两者关联”。我决定只使用SAS并定义所有字段来生成签名。
private function testSASGeneration($container, $blob, $resourceType, $permissions, $start, $expiry){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = $start;
$_arraysign[] = $expiry;
$_arraysign[] = '/' . $this->blobServiceAccountName . '/' . $container;
$_arraysign[] = '';
$_arraysign[] = "2013-08-15"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = "file; attachment";
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = 'binary';
$_str2sign = implode("\n", $_arraysign);
//signature requires url decode and utf-8 encode, as illustrated in docs linked in this post.
$_signature = base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($this->blobServicePrimaryKey), true)
);
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($start))?'st=' . urlencode($start):'';
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = (!empty($permissions))?'rscd=' . urlencode("file; attachment"):'';
$_parts[] = (!empty($permissions))?'rsct=' . urlencode("binary"):'';
//$_parts[] = (!empty($_id))?'si=' . urlencode($_id):'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2013-08-15'; //addition of API version in query
/* Create the signed blob URL */
$_url = 'https://'
. $this->blobServiceAccountName . '.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}