托管身份的 Azure Blob 存储 SAS URL 生成问题

问题描述 投票:0回答:1

我在使用托管标识为 Azure Blob 存储中的文件生成共享访问签名 (SAS) URL 时遇到问题。生成的 SAS URL 的签名字段中包含“+”号,这会导致在尝试使用该 URL 访问时出现“Signature fields not wellFormed”错误。

public string GenerateSaS(string account,
                          string containerName,
                          string fileName,
                          int expiryTimeInMins)
{
    try
    {
        var tokenCredential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = Environment.GetEnvironmentVariable("<My CLient Id>") });
        BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri($"https://{account}.blob.core.windows.net/"), tokenCredential);
        BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);

        // Check if the container exists
        if (!containerClient.Exists())
        {
            return null;
        }

        // Create a BlobSasBuilder instance
        var sharedPolicy = new BlobSasBuilder
        {
            StartsOn = DateTimeOffset.UtcNow,
            ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(expiryTimeInMins),
            ContentDisposition = $"attachment;filename={fileName}",
            BlobContainerName = containerName,
            BlobName = fileName,
            Resource = "b", // Blob-level access
            Protocol = SasProtocol.Https // Use HTTPS only
        };
        sharedPolicy.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write | BlobSasPermissions.Create);

        // Generate SAS token and create BlobUriBuilder
        BlobClient blobClient = containerClient.GetBlobClient(fileName);
        var blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
        {
            Sas = sharedPolicy.ToSasQueryParameters(blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow.AddMinutes(-2), DateTimeOffset.UtcNow.AddMinutes(2)), blobServiceClient.AccountName)
        };

        // Convert BlobUriBuilder to URL string
        var url = blobUriBuilder.ToUri().ToString();

        return url;
    }
    catch (Exception ex)
    {
        // Handle exception
        throw ex;
    }
}

url中的签名示例 => sig=7SAJlSwRz8RNMQkEV4Y+hfIMEfVIRFapY49U/vqf4cI=

我尝试了不同的方法来生成网址,但没有成功。 我期待这个问题的有效解决方案

c# .net azure azure-blob-storage sas-token
1个回答
0
投票

托管身份的 Azure Blob 存储 SAS URL 生成问题

您可以使用下面的代码通过 .Net 代码生成 Azure Blob 存储 SAS URL。

代码:

using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Sas;

namespace SAStoken
{
    class Program
    {
        private static void Main()
        {
            var account = "venkat123";
            var containerName = "test";
            var fileName = "imp.png";
            var Credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = Environment.GetEnvironmentVariable("<My CLient Id>") });
            BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri($"https://{account}.blob.core.windows.net/"), Credential);
            BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
            BlobClient blobClient = containerClient.GetBlobClient(fileName);

            var userDelegationKey = blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

            var sasBuilder = new BlobSasBuilder()
            {
                BlobContainerName = blobClient.BlobContainerName,
                BlobName = blobClient.Name,
                Resource = "b", // b for blob, c for container
                StartsOn = DateTimeOffset.UtcNow,
                ExpiresOn = DateTimeOffset.UtcNow.AddHours(4),
                Protocol = SasProtocol.Https
            };
            sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write | BlobSasPermissions.Create);

            BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
            {
                // Specify the user delegation key.
                Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
            };

            Console.WriteLine("BlobSAS URI: {0}", blobUriBuilder);
        }

    }
}

输出:

BlobSAS URI: https://venkat123.blob.core.windows.net/test/imp.png?skoid=6xxxxxx&sktid=72fxxxxxx-41af-91ab-2d7xxb47&skt=2024-04-29T07%3A16%3A33Z&ske=2024-04-30T07%3A16%3A33Z&sks=b&skv=2023-11-03&sv=2023-11-03&spr=https&st=2024-04-29T07%3A16%3A37Z&se=2024-04-29T11%3A16%3A37Z&sr=b&sp=rcw&sig=reHWCZ0lNDyBGxxxxxfH4Z3I7E%3D

enter image description here

浏览器:

enter image description here

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.