Azure SAS容器php
是否可以在一个azure容器上打开对整个Blob的SAS访问 我可以为一个特定的blob创建一个SAS,但是我正在尝试为一个容器创建SAS,但是我没有找到好的选择 我的目标是打开对整个容器的特定访问,并能够读取一些特定的blobAzure SAS容器php,php,azure,Php,Azure,是否可以在一个azure容器上打开对整个Blob的SAS访问 我可以为一个特定的blob创建一个SAS,但是我正在尝试为一个容器创建SAS,但是我没有找到好的选择 我的目标是打开对整个容器的特定访问,并能够读取一些特定的blob $end = date('Y-m-d\TH\:i\:s\Z', strtotime('+10 minutes')); $containerName=$_POST['container']; $blobName= $_POST['blob']; function ge
$end = date('Y-m-d\TH\:i\:s\Z', strtotime('+10 minutes'));
$containerName=$_POST['container'];
$blobName= $_POST['blob'];
function getSASForBlob($accountName, $container, $blob, $permissions ,$expiry, $key){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/blob/'.$accountName . '/' . $container . '/';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-12-11"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = 'file; attachment';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = 'binary';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true));
}
function getBlobUrl($accountName, $container, $blob, $resourceType, $permissions, $expiry, $_signature){
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($expiry))?'se=' .urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2015-12-11';
$_parts[] = 'comp=list';
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
$sig = getSASForBlob("cloudviewer",$containerName, $blobName, "r", $end, $key);
$url = getBlobUrl("cloudviewer",$containerName,$blobName,"c","r", $end, $sig);
echo(json_encode(array('url' => $url, 'experity' => $end)));
我的错误是:
签名不匹配。使用的签名字符串是r 2016-12-10T16:53:00Z/blob/cloudviewer/450-423-422-392 2015-12-11
您需要进行一些小的修改以生成一个有效的服务SAS令牌,该令牌将列出容器中的blob。此外,在调用这些方法时,您应该传入“rl”的权限,而不仅仅是“r”。这是因为您希望列出容器中的项目
$end = date('Y-m-d\TH\:i\:s\Z', strtotime('+10 minutes'));
$containerName=$_POST['container'];
$blobName= $_POST['blob'];
function getSASForBlob($accountName, $container, $blob, $permissions ,$expiry, $key){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/blob/' . $accountName . '/' . $container;
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-12-11"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true));
}
function getBlobUrl($accountName, $container, $blob, $resourceType, $permissions, $expiry, $_signature){
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($expiry))?'se=' .urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2015-12-11';
$_parts[] = 'comp=list';
$_parts[] = 'restype=container';
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '?'
. implode('&', $_parts);
return $_url;
}
在我的测试中,我们需要为blob和容器操作实现单独的SAS令牌。有关详细信息,请参阅 对于这个问题,您似乎正在为容器中的列表Blob生成SAS令牌URL。要进行快速测试,请尝试以下代码段:
function getSASForBlob($accountName, $container, $blob, $permissions ,$expiry, $key){
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
if($blob){
$_arraysign[] = '/blob' .'/'.$accountName . '/' . $container . '/' . $blob;
}else{
$_arraysign[] = '/blob' .'/'.$accountName . '/' . $container ;
}
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-12-11"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true));
}
function getBlobUrl($accountName, $container, $blob, $resourceType, $permissions, $expiry, $_signature){
$_parts = array();
$_parts[] = (!empty($expiry)) ? 'se=' . urlencode($expiry) : '';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions)) ? 'sp=' . $permissions : '';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2015-12-11';
$_parts[] = 'comp=list';
$_parts[] = 'restype=container';
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container
// . '/'
// . $blob
. '?'
. implode('&', $_parts);
return $_url;
}
$sig = getSASForBlob(AZURE_ACC_NAME,AZURE_CONTAINER, null, "l", $endDate, AZURE_PRIMARY_KEY);
$url = getBlobUrl(AZURE_ACC_NAME,AZURE_CONTAINER,null,"c","l", $endDate, $sig);
您是否收到了一些HTTP错误,请您分享一下好吗?您是否检查过您的过期日期时间是否为UTC?根据文档,您的代码应该可以工作。我添加了错误结果,datetime是好的,因为我使用datetime直接访问特定blob。看起来您正在创建服务SAS令牌。您可能需要尝试创建帐户SAS令牌。我可以告诉你这是一个服务SAS令牌,因为你有sr参数在那里。有更新吗?