我在使用托管标识为 Azure Blob 存储中的文件生成共享访问签名 (SAS) URL 时遇到问题。生成的 SAS URL 的签名字段中包含“+”号,这会导致在尝试使用该 URL 访问时出现“Signature fields not wellFormed”错误。
public string GenerateSaS(string account,
string containerName,
string fileName,
int expiryTimeInMins)
{
try
{
var tokenCredential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = Environment.GetEnvironmentVariable("<My CLient Id>") });
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri($"https://{account}.blob.core.windows.net/"), tokenCredential);
BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
// Check if the container exists
if (!containerClient.Exists())
{
return null;
}
// Create a BlobSasBuilder instance
var sharedPolicy = new BlobSasBuilder
{
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(expiryTimeInMins),
ContentDisposition = $"attachment;filename={fileName}",
BlobContainerName = containerName,
BlobName = fileName,
Resource = "b", // Blob-level access
Protocol = SasProtocol.Https // Use HTTPS only
};
sharedPolicy.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write | BlobSasPermissions.Create);
// Generate SAS token and create BlobUriBuilder
BlobClient blobClient = containerClient.GetBlobClient(fileName);
var blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
{
Sas = sharedPolicy.ToSasQueryParameters(blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow.AddMinutes(-2), DateTimeOffset.UtcNow.AddMinutes(2)), blobServiceClient.AccountName)
};
// Convert BlobUriBuilder to URL string
var url = blobUriBuilder.ToUri().ToString();
return url;
}
catch (Exception ex)
{
// Handle exception
throw ex;
}
}
url中的签名示例 => sig=7SAJlSwRz8RNMQkEV4Y+hfIMEfVIRFapY49U/vqf4cI=
我尝试了不同的方法来生成网址,但没有成功。 我期待这个问题的有效解决方案
托管身份的 Azure Blob 存储 SAS URL 生成问题
您可以使用下面的代码通过 .Net 代码生成 Azure Blob 存储 SAS URL。
代码:
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Sas;
namespace SAStoken
{
class Program
{
private static void Main()
{
var account = "venkat123";
var containerName = "test";
var fileName = "imp.png";
var Credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = Environment.GetEnvironmentVariable("<My CLient Id>") });
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri($"https://{account}.blob.core.windows.net/"), Credential);
BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
BlobClient blobClient = containerClient.GetBlobClient(fileName);
var userDelegationKey = blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
var sasBuilder = new BlobSasBuilder()
{
BlobContainerName = blobClient.BlobContainerName,
BlobName = blobClient.Name,
Resource = "b", // b for blob, c for container
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddHours(4),
Protocol = SasProtocol.Https
};
sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write | BlobSasPermissions.Create);
BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
{
// Specify the user delegation key.
Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
};
Console.WriteLine("BlobSAS URI: {0}", blobUriBuilder);
}
}
}
输出:
BlobSAS URI: https://venkat123.blob.core.windows.net/test/imp.png?skoid=6xxxxxx&sktid=72fxxxxxx-41af-91ab-2d7xxb47&skt=2024-04-29T07%3A16%3A33Z&ske=2024-04-30T07%3A16%3A33Z&sks=b&skv=2023-11-03&sv=2023-11-03&spr=https&st=2024-04-29T07%3A16%3A37Z&se=2024-04-29T11%3A16%3A37Z&sr=b&sp=rcw&sig=reHWCZ0lNDyBGxxxxxfH4Z3I7E%3D
浏览器: