Microsoft Azure和SAS for PHP
我正在尝试使用PHP创建指向blob资源的SAS链接。不幸的是,目前在azure SDK中没有创建SAS签名的方法。 我编写了一个生成SA的代码,但是当我试图通过此方法生成的链接获取资源时,我得到了这样一条消息:签名字段格式不正确Microsoft Azure和SAS for PHP,php,azure,azure-storage-blobs,Php,Azure,Azure Storage Blobs,我正在尝试使用PHP创建指向blob资源的SAS链接。不幸的是,目前在azure SDK中没有创建SAS签名的方法。 我编写了一个生成SA的代码,但是当我试图通过此方法生成的链接获取资源时,我得到了这样一条消息:签名字段格式不正确 有人建议我做错了什么吗?我是Microsoft Azure的康普新手我相信您的$stringToSign变量有问题。根据此处的文档:,要签名的字符串的构造应如下所示: StringToSign = signedpermissions + "\n"
有人建议我做错了什么吗?我是Microsoft Azure的康普新手我相信您的
$stringToSign
变量有问题。根据此处的文档:,要签名的字符串的构造应如下所示:
StringToSign = signedpermissions + "\n"
signedstart + "\n"
signedexpiry + "\n"
canonicalizedresource + "\n"
signedidentifier + "\n"
signedversion + "\n"
rscc + "\n"
rscd + "\n"
rsce + "\n"
rscl + "\n"
rsct
考虑到您在SAS查询字符串中包含rscd
和rsct
。请尝试以下方法,看看这是否有区别:
$stringToSign =
$signedPermission."\n".
$signedStart."\n".
$signedExpiry."\n".
$canonicalizedResource."\n".
$signedIdentifier."\n".
$signedVersion."\n".
"\n".
$responseContent."\n".
"\n".
"\n".
$responseType;
更新
请尝试下面的代码。用适当的值替换帐户名称/密钥、容器名称和blob名称:
<?php
$signedStart = gmdate('Y-m-d\TH:i:s\Z', strtotime('-1 day'));
echo $signedStart."\n";
$signedExpiry = gmdate('Y-m-d\TH:i:s\Z', strtotime('+1 day'));
echo $signedExpiry."\n";
$signedResource = 'b';
$signedPermission = 'r';
$signedIdentifier = '';
$accountName = "[account name]";
$accountKey = "[account key]";
$container = "[container name]";
$blob = "[blob name]";
$canonicalizedResource = '/'.$accountName.'/'.$container.'/'.$blob;
$signedVersion = '2014-02-14';
echo $canonicalizedResource."\n";
$rscc = '';
$rscd = 'file; attachment';//Content disposition
$rsce = '';
$rscl = '';
$rsct = 'binary';//Content type
$stringToSign =
$signedPermission."\n".
$signedStart."\n".
$signedExpiry."\n".
$canonicalizedResource."\n".
$signedIdentifier."\n".
$signedVersion."\n".
$rscc."\n".
$rscd."\n".
$rsce."\n".
$rscl."\n".
$rsct;
echo $stringToSign."\n";
$signature = base64_encode(
hash_hmac(
'sha256',
$stringToSign,
base64_decode($accountKey),
true
)
);
echo $signature."\n";
$arrayToUrl = [
'sv='.urlencode($signedVersion),
'st='.urlencode($signedStart),
'se='.urlencode($signedExpiry),
'sr='.urlencode($signedResource),
'sp='.urlencode($signedPermission),
'rscd='.urlencode($rscd),
'rsct='.urlencode($rsct),
'sig='.urlencode($signature)
];
$url = 'https://'.$accountName.'.blob.core.windows.net'.'/'
.$container.'/'
.$blob.'?'.implode('&', $arrayToUrl);
echo $url."\n";
?>
基本上有两个问题(除了不正确的$stringToSign
变量):
base64\u解码
用于计算签名的帐户密钥我遇到了完全相同的问题。但是现在您可以使用
MicrosoftAzure\Storage\Common\SharedAccessSignatureHelper
,它可以为您处理很多问题。2年前,我在本PR()中加入了公共图书馆
应该这样简单地解决:
$sasHelper=新的SharedAccessSignatureHelper(
“您的帐户名”,
“H…您的代币…”
);
$sas=$sasHelper->generateAccountSharedAccessSignatureToken(
'2018-11-09',
“rwl”,
“b”,
"上海合作组织",,
(new\DateTime())->modify(“+10分钟”),
(new\DateTime())->modify('-5分钟),
'',
“https”
);
$connectionString=“BlobEndpoint=https://nameofyouraccount.blob.core.windows.net/;SharedAccessSignature={$sas}”;
还有你的连接线 修改并使用@Gaurav Mantri的函数
function generateSasToken($bucket,$key, $accountName, $accountKey){
$signedStart = gmdate('Y-m-d\TH:i:s\Z', time());
$signedExpiry = gmdate('Y-m-d\TH:i:s\Z', time()+3600);
$signedResource = 'b';
$signedPermission = 'r';
$signedIdentifier = '';
$canonicalizedResource = '/' . $accountName . '/' . $bucket . '/' . $key;
$signedVersion = '2014-02-14';
$rscc = '';
$rscd = 'file; attachment';//Content disposition
$rsce = '';
$rscl = '';
$rsct = 'binary';//Content type
$stringToSign =
$signedPermission . "\n" .
$signedStart . "\n" .
$signedExpiry . "\n" .
$canonicalizedResource . "\n" .
$signedIdentifier . "\n" .
$signedVersion . "\n" .
$rscc . "\n" .
$rscd . "\n" .
$rsce . "\n" .
$rscl . "\n" .
$rsct;
$signature = base64_encode(
hash_hmac(
'sha256',
$stringToSign,
base64_decode($accountKey),
true
)
);
$arrayToUrl = [
'sv=' . urlencode($signedVersion),
'st=' . urlencode($signedStart),
'se=' . urlencode($signedExpiry),
'sr=' . urlencode($signedResource),
'sp=' . urlencode($signedPermission),
'rscd=' . urlencode($rscd),
'rsct=' . urlencode($rsct),
'sig=' . urlencode($signature)
];
$url = 'https://' . $accountName . '.blob.core.windows.net' . '/'
. $bucket . '/'
. $key . '?' . implode('&', $arrayToUrl);
return $url;
}
你是先用谷歌搜索的吗。只是好奇-是的。但是对于PHP来说没有太多。我真的不明白,尤其是我试图遵循文档。有经验的人有什么建议吗?还是“签名字段格式不好”没有区别。我不需要rscd,rsct参数,如果它改变了stringTosign中的任何内容?您可以打印$stringTosign变量吗?我要签名的字符串:r\n2014-10-20T12:34:40+02:00\n2014-10-22T12:34:40+02:00\n/accountname/new/invoice.pdf\n\n2014-02-14\n\n\n文件;附件\n\n\n更新了我的答案。谢谢你的帮助。问题在于日期格式。注意:)要获取特定于blob的SAS URL,请转到并搜索(
Ctrl
+F
)以查看类方法。这与@yustme的功能非常相似。
function generateSasToken($bucket,$key, $accountName, $accountKey){
$signedStart = gmdate('Y-m-d\TH:i:s\Z', time());
$signedExpiry = gmdate('Y-m-d\TH:i:s\Z', time()+3600);
$signedResource = 'b';
$signedPermission = 'r';
$signedIdentifier = '';
$canonicalizedResource = '/' . $accountName . '/' . $bucket . '/' . $key;
$signedVersion = '2014-02-14';
$rscc = '';
$rscd = 'file; attachment';//Content disposition
$rsce = '';
$rscl = '';
$rsct = 'binary';//Content type
$stringToSign =
$signedPermission . "\n" .
$signedStart . "\n" .
$signedExpiry . "\n" .
$canonicalizedResource . "\n" .
$signedIdentifier . "\n" .
$signedVersion . "\n" .
$rscc . "\n" .
$rscd . "\n" .
$rsce . "\n" .
$rscl . "\n" .
$rsct;
$signature = base64_encode(
hash_hmac(
'sha256',
$stringToSign,
base64_decode($accountKey),
true
)
);
$arrayToUrl = [
'sv=' . urlencode($signedVersion),
'st=' . urlencode($signedStart),
'se=' . urlencode($signedExpiry),
'sr=' . urlencode($signedResource),
'sp=' . urlencode($signedPermission),
'rscd=' . urlencode($rscd),
'rsct=' . urlencode($rsct),
'sig=' . urlencode($signature)
];
$url = 'https://' . $accountName . '.blob.core.windows.net' . '/'
. $bucket . '/'
. $key . '?' . implode('&', $arrayToUrl);
return $url;
}