你遇到這個問題的原因是因爲你正在計算簽名的SAS基於邏輯計算Authorization
頭。在兩種情況下,StringToSign
都不相同。
對於SAS,這應該是(爲Service SAS
):
StringToSign = signedpermissions + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
canonicalizedresource + "\n" +
signedidentifier + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n" +
startingPartitionKey + "\n"
startingRowKey + "\n"
endingPartitionKey + "\n"
endingRowKey
如果你想使用Account SAS
(這是門戶網站做什麼),它應該是:
StringToSign = accountname + "\n" +
signedpermissions + "\n" +
signedservice + "\n" +
signedresourcetype + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n"
因此,基於您的參數,StringToSign帳戶SAS將是:
StringToSign = {youraccountname} + "\n" +
"rwdlacu" + "\n" +
"t" + "\n" +
"sco" + "\n" +
"2017-03-23T12:05:14Z" + "\n" +
"2017-03-23T20:05:14Z" + "\n" +
{yourip} + "\n" +
"https" + "\n" +
"2016-05-31 + "\n"
The computatio n代表signature
是正確的。
您可能會發現這些鏈接有助於瞭解有關計算SAS的更多信息:Account SAS
和Service SAS
。
UPDATE
有與hmac
計算也是一個問題。它應該使用您的賬戶密鑰,也應該使用Convert.FromBase64String
。
HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(accountKey));
此外,你不應該URLEncode StringToSign
。那裏的元素應該被URL解碼。
最後SAS令牌應該看起來像你從門戶回來的東西。
代碼示例
static void AccountSasSample()
{
var accountName = "your-account-name";
var accountKey = "your-account-key";
var start = DateTime.UtcNow.AddHours(-1).ToString("yyyy-MM-ddTHH:mm:ssZ");
var end = DateTime.UtcNow.AddHours(1).ToString("yyyy-MM-ddTHH:mm:ssZ");
var permission = "rwdlacu";
var serviceType = "t";
var resourceTypes = "sco";
var ipAddress = "your-ip-address";
var protocol = "https";
var serviceVersion = "2016-05-31";
var stringToSign = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n", accountName, permission, serviceType, resourceTypes, start, end, ipAddress, protocol, serviceVersion);
Console.WriteLine(stringToSign);
HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(accountKey));
string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
var sasToken = string.Format("?sv={0}&ss={1}&srt={2}&sp={3}&se={4}&st={5}&sip={6}&spr={7}&sig={8}", serviceVersion,
serviceType, resourceTypes, permission, end, start, ipAddress, protocol, HttpUtility.UrlEncode(signature));
Console.WriteLine(sasToken);
var urlToListTables = string.Format("https://{0}.table.core.windows.net/Tables{1}", accountName, sasToken);
//Copy this urlToListTables & paste it in browser's address bar. You should be able to see the list of tables in your storage account.
}
我仍然得到禁止錯誤** ** 403。我的代碼是否正確計算簽名? **我更新了問題**中的代碼。 – Sameer
簽名計算也存在問題。讓我編輯我的答案。 –
是的,我正確地格式化字符串,但是即使在適應您建議的'HMACSHA256 hmac = new HMACSHA256(Convert。FromBase64String(「account key」);'我得到** 403 Forbidden **錯誤。 – Sameer