SAS url 在本地有效,但在生产中无效

问题描述 投票:0回答:1

我在 Python 中使用以下代码来为特定容器内的 Blob 生成 SAS URL。

`

def get_signed_url(container, blobPath):
 return generate_blob_sas(
     account_name=azure_account_name,
     account_key=azure_account_key,
     container_name=container,
     blob_name=blobPath,
     permission=BlobSasPermissions(read=True),
     expiry=datetime.utcnow() + timedelta(days=1),
     startsOn=datetime.utcnow() - timedelta(days=1),
     version='2021-10-04',
     protocol='https'
 )

`

我得到以下网址 

https://production.blob.core.windows.net/organization-134/2031dfac-0a29-4a73-b344-e5aec4e20282/How_to_send_a_request_in_Postman_1.png?se=2023-12-07T12%3A11%3A46Z&sp=r&spr=https&sv=2023-08-03&sr=b&sig=pPHMDdGqQZUrQ2s3YxLuWhkW%2BaPi1zJvyTSWQX2%2Bx2Y%3D
现在,当我在本地运行 python 并获取此 URL 时,它工作正常,但是,在生产中它不起作用,在浏览器上收到以下错误:

     <Error>
 <div id="in-page-channel-node-id" data-channel-name="in_page_channel__KbVHh"/>
 <Code>AuthenticationFailed</Code>
 <Message>Server failed to authenticate the request. Make sure the value of Authorization header      is formed correctly including the signature. RequestId:9c8117fc-c01e-0048-4642-28fc5a000000 Time:2023-12-06T12:50:21.7240095Z</Message>
 <AuthenticationErrorDetail>Signature did not match. String to sign used was r 2023-12-07T12:11:46Z /blob/production/organization-134/2031dfac-0a29-4a73-b344-e5aec4e20282/How_to_send_a_request_in_Postman_1.png https 2023-08-03 b </AuthenticationErrorDetail>

我尝试在网上到处查找,但找不到任何可以帮助的东西。有些可能是由于时间不匹配,因为我的存储帐户和python托管在azure上,我怀疑是否是这种情况

python azure-web-app-service azure-blob-storage azure-storage
1个回答
0
投票

服务器无法验证请求。确保授权标头的值格式正确,包括签名。 RequestId:9c8117fc-c01e-0048-4642-28fc5a000000Time:2023-12-06T12:50:21.7240095Z 签名不匹配。使用的签名字符串为 r 2023-12-07T12:11:46Z/blob/product/organization-134/2031dfac-0a29-4a73-b344-e5aec4e20282/How_to_send_a_request_in_Postman_1.pnghttps 2023-08-03 b

当您在 generate_blob_sas 函数中传递错误的参数时,就会出现上述错误。

在我的环境中,当我尝试在 

generate_blob_sas
函数中使用正确的参数(例如帐户名称、帐户密钥、容器名称和 blob 名称)时,它成功执行。

代码:

import datetime
from azure.storage.blob import generate_blob_sas, BlobSasPermissions

account_name = 'venkat789'
account_key = 'sxxxxxx'
container_name = 'block-image'
blob_name = 'bike.png'

start_time = datetime.datetime.now(datetime.timezone.utc)
expiry_time = start_time + datetime.timedelta(seconds=int(900))

def get_blob_sas(account_name,account_key, container_name, blob_name):
    sas_blob = generate_blob_sas(account_name=account_name, 
                                container_name=container_name,
                                blob_name=blob_name,
                                account_key=account_key,
                                permission=BlobSasPermissions(read=True),
                                start=start_time,
                                expiry=expiry_time
    )
    return sas_blob
sastoken = get_blob_sas(account_name,account_key, container_name, blob_name)
url = 'https://'+account_name+'.blob.core.windows.net/'+container_name+'/'+blob_name+'?'+sastoken
print(url)

输出:

https://venkat789.blob.core.windows.net/block-image/bike.png?st=2023-12-22T08%3A17%3A19Z&se=2023-12-22T08%3A32%3A19Z&sp=r&sv=2023-11-03&sr=b&sig=efXSiJKBqxxxx

enter image description here

当我复制相同的 blob sas URL 并将其粘贴到浏览器中时,它成功显示了图像。

浏览器: enter image description here

参考: azure.storage.blob 包 |微软学习

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.