Azure Blob存儲REST API簽名

我一直在研究概念證明，並正在嘗試針對Azure存儲REST API進行測試。但是，我無法驗證。我一整天都在嘗試閱讀，調整和改寫，但仍然無法正常工作。我一直在逐步完成文檔。Azure Blob存儲REST API簽名

我希望找到管理這個的人。大量的硬編碼位，它只是讓它工作。我不斷收到此錯誤迴響應

在HTTP請求「中發現的MAC簽名」是不一樣的任何計算簽名

任何人都可以看到什麼是可能的盯着我的臉？這讓我很生氣。

var requestDateString = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture); 
    var StorageAccountName = "<account removed>"; 
    var StorageKey = "<key removed>"; 

    using (var client = new HttpClient()) 
    { 
     var stringToSign = new List<string>(){ 
     "GET"                        /*HTTP Verb*/ 
     ,""                         /*Content-Encoding*/ 
     ,""                         /*Content-Language*/ 
     ,""                       /*Content-Length (include value when zero)*/ 
     ,""                         /*Content-MD5*/ 
     ,""                         /*Content-Type*/ 
     ,""                         /*Date*/ 
     ,""                         /*If-Modified-Since */ 
     ,""                         /*If-Match*/ 
     ,""                         /*If-None-Match*/ 
     ,""                         /*If-Unmodified-Since*/ 
     ,""                         /*Range*/ 
     ,$"x-ms-date:{requestDateString}\nx-ms-version:2015-02-21"           /*CanonicalizedHeaders*/ 
     ,$"/{StorageAccountName}/ " + _containerName + "\ncomp:metadata\nrestype:container\ntimeout:20"  /*CanonicalizedResource*/ 
     }; 


     string signature; 
     using (var hmac = new HMACSHA256(Convert.FromBase64String(StorageKey))) 
     { 
      var compiledStringToSign = (string.Join("\n", stringToSign)); 
      byte[] dataToHmac = Encoding.UTF8.GetBytes(compiledStringToSign); 
      signature = Convert.ToBase64String(hmac.ComputeHash(dataToHmac)); 
     } 

     //Send Request 
     client.DefaultRequestHeaders.Add("x-ms-date", requestDateString); 
     client.DefaultRequestHeaders.Add("x-ms-version", " 2015-02-21"); 
     client.DefaultRequestHeaders.Add("Authorization", $"SharedKey {StorageAccountName}:" + signature); 

     var response = client.SendAsync(request);

//編輯請求的URL是https://account.blob.core.windows.net/testcontainer/blobtest/blob1234

的錯誤是非常具體的關於身份驗證失敗，所以我認爲，誤差必須在簽名，我真的不能看到它雖然。我檢查了所有的輸出與小提琴手，以確保它們匹配

來源

2017-09-28 James

我可以問你爲什麼不使用Azure存儲SDK爲C＃？ –

當沒有SDK時，我曾經在Python中實現過這個功能。 AFAIK C＃SDK在GitHub上是開源的，您可以查看代碼 - 兩年前，我發現該實現非常易讀 –

您是否也可以共享請求URL？ –

如果你想要得到的BLOB內容，請試試用下面的演示代碼，它工作正常在我的身邊。

var blobStorageAccount = "account name"; 
var storageKey = "account key"; 
var containerName = "container name"; 
var requestMethod = "GET"; 
var blobName = "blob name"; // in your case:blobtest/blob1234 
var dt = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture); 
var msVersion = "2015-02-21"; 
var clientRequestId = Guid.NewGuid().ToString(); 
var canHeaders = $"x-ms-client-request-id:{clientRequestId}\nx-ms-date:{dt}\nx-ms-version:{msVersion}"; 
var canResource = $"/{blobStorageAccount}/{containerName}/{blobName}"; //not the CanonicalizedResource : /myaccount/mycontainer\ncomp:metadata\nrestype:container\ntimeout:20 
var signStr = $"{requestMethod}\n\n\n\n\n\n\n\n\n\n\n\n{canHeaders}\n{canResource}"; 
var auth = CreateAuthString(blobStorageAccount, signStr, storageKey); 
var urlPath = $"https://{blobStorageAccount}.blob.core.windows.net/{containerName}/{blobName}"; 
Uri uri = new Uri(urlPath); 
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri); 
HttpClient client = new HttpClient(); 
client.DefaultRequestHeaders.Add("x-ms-date", dt); 
client.DefaultRequestHeaders.Add("x-ms-version", msVersion); 
client.DefaultRequestHeaders.Add("x-ms-client-request-id", clientRequestId); 
client.DefaultRequestHeaders.Add("Authorization", auth); 
HttpResponseMessage response = client.SendAsync(request).Result; 
var status = response.IsSuccessStatusCode; 


private static string CreateAuthString(string blobStorageAccount,string signStr,string blobStorageAccessKey) 
{ 
    var signature = string.Empty; 
    byte[] unicodeKey = Convert.FromBase64String(blobStorageAccessKey); 
    using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey)) 
    { 
     byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(signStr); 
     signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac)); 
    } 

    var authorizationHeader = String.Format(
     CultureInfo.InvariantCulture, 
     "{0} {1}:{2}", 
     "SharedKey", 
     blobStorageAccount, 
     signature); 

     return authorizationHeader; 
    }

來源

2017-09-29 06:27:16

這個工程，是需要在canonicalizedResource改變什麼。我可以問你從哪裏得到信息，因爲它不符合Azure文檔 – James

根據[Get blob API]，這似乎是一個文檔問題（https://docs.microsoft.com/en-us/ rest/api/storageservices/get-blob）https://myaccount.blob.core.windows.net/mycontainer/myblob，我假設canonicalizedResource應該是'$「/ {blobStorageAccount}/{containerName}/{blobName}」 '。 –

Azure Blob存儲REST API簽名

回答

相關問題