已经尝试了一段时间,但无法正常工作。我正在尝试为 blob 容器创建 Service SAS。签名好像不正确。以下是我的功能
function computeSignatureSAS(accountName, accountkey, containerName, permission, expiry) {
var stringtosignElements = [];
stringtosignElements.push(permission);
stringtosignElements.push("");
stringtosignElements.push(expiry);
stringtosignElements.push(decodeURIComponent("/blob/" + accountName + "/" + containerName));
stringtosignElements.push("");
stringtosignElements.push("");
stringtosignElements.push("https");
stringtosignElements.push("2015-12-11");
stringtosignElements.push("");
stringtosignElements.push("");
stringtosignElements.push("");
stringtosignElements.push("");
stringtosignElements.push("");
var stringToSignMain = stringtosignElements.join('\n');
var stringToSign = utf8.encode(stringToSignMain);
var secretBase64 = CryptoJS.enc.Base64.parse(accountkey);
const crypted = CryptoJS.HmacSHA256(stringToSign, secretBase64);
return CryptoJS.enc.Base64.stringify(crypted);
}
我收到以下错误:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:8bff94ad-b01e-0019-3682-8b9056000000
Time:2024-04-10T20:05:16.4929834Z</Message><AuthenticationErrorDetail>Signature fields not well formed.</AuthenticationErrorDetail></Error>
我做错了什么?
问候
尝试为 blob 容器创建 Service SAS,签名似乎不正确。
您可以使用以下代码为容器创建 SAS 令牌:
代码:
var CryptoJS = require("crypto-js");
const containerName = "test";
const accessKey = "xxxxx";
// Function to generate SAS token
function generateSas(storageAccountKey, input) {
input = decodeURIComponent(input); // Decoding URI component
const keyBytes = CryptoJS.enc.Base64.parse(storageAccountKey);
const hash = CryptoJS.HmacSHA256(input, keyBytes);
const hashB64 = CryptoJS.enc.Base64.stringify(hash);
const hashB64UriEncoded = encodeURIComponent(hashB64);
return hashB64UriEncoded;
}
function generateSasToken() {
var now = new Date();
var minutes = 120; // SAS token duration in minutes
var signedStart = now.toISOString().replace(/:/g, "%3A").replace(/\.\d{3}/g, "");
var signedExpiry = new Date(now.getTime() + minutes * 60000).toISOString().replace(/:/g, "%3A").replace(/\.\d{3}/g, "");
const signedPermissions = "r";
const signedService = "c";
const signedProtocol = "https";
const signedVersion = "2022-11-02";
const canonicalizedResource = `/blob/venkat123/${containerName}`;
var stringToSign = signedPermissions + "\n" + signedStart + "\n" +
signedExpiry + "\n" +
canonicalizedResource + "\n" +
" " + "\n" +
" " + "\n" +
signedProtocol + "\n" +
signedVersion + "\n" +
"c" + "\n" +
" " + "\n" +
" " + "\n" +
" " + "\n" +
" " + "\n" +
" " + "\n" +
" " + "\n";
const signature = generateSas(accessKey, stringToSign); // Generate signature using generateSas function
const sasToken = `st=${signedStart}&se=${signedExpiry}&sp=${signedPermissions}&sv=${signedVersion}&sr=${signedService}&spr=${signedProtocol}&sig=${signature}`;
console.log(sasToken);
}
generateSasToken();
输出:
st=2024-04-12T12%3A44%3A04Z&se=2024-04-12T14%3A44%3A04Z&sp=r&sv=2023-11-03&sr=c&spr=https&sig=hYxibKgUxxxx5ECU%3D
邮递员:
使用Postman验证,获取指定容器中blob的内容,如下图:
参考: 为 Azure 存储帐户 blob 容器生成 SaS 令牌 - Stack Overflow,作者:Ikhtesam Afrin。