使用帐户 SAS 的 Azure Blob 存储容器属性 - 身份验证失败

问题描述 投票:0回答:1

我已设法生成服务 SAS 来列出容器中的 blob,但是我无法使用帐户 SAS 获取容器属性,这是我得到的错误:

<?xml version="1.0" encoding="utf-8"?>
<Error>
    <Code>AuthenticationFailed</Code>
    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:63a5ec3b-601e-0016-4e07-4a125b000000
Time:2024-01-18T12:08:26.1877828Z</Message>
    <AuthenticationErrorDetail>Signature did not match. String to sign used was devreferenceapidatasa
rwl
b
sc
2024-01-18T12:07:27Z
2024-01-18T12:17:27Z

https
2023-11-03

</AuthenticationErrorDetail>
</Error>

我已遵循 Azure 文档: https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas https://learn.microsoft.com/en-us/rest/api/storageservices/get-container-properties?tabs=microsoft-entra-id

这是我的JS代码

var accountName = "reference-data";
var signedPermissions = "rwl";
var signedService = "b";
var signedStart = start;
var signedExpiry = end;
var signedResourceType = "sc";
var signedProtocol = "https";
var signedVersion = "2023-11-03";

function generateSas(storageAccountKey, input) {
    input = decodeURI(input)
    const keyBytes = CryptoJS.enc.Base64.parse(storageAccountKey)
    const hash = CryptoJS.HmacSHA256(input, keyBytes)
    const hashB64 = CryptoJS.enc.Base64.stringify(hash)
    const hashB64UriEncoded = encodeURIComponent(hashB64)
    
    return hashB64UriEncoded
}

var stringToSign = accountName + "\n" +  
    signedPermissions + "\n" +  
    signedService + "\n" +  
    signedResourceType + "\n" +  
    signedStart + "\n" +  
    signedExpiry + "\n" +  
    signedProtocol + "\n" +  
    signedVersion + "\n"

var key = MY_KEY;

const sig = generateSas(key, stringToSign)
var sasToken = `sv=${signedVersion}&ss=${signedService}&srt=${signedResourceType}&sp=${signedPermissions}&st=${signedStart}&se=${signedExpiry}&spr=${signedProtocol}&sig=${sig}`;

var url = `https://devreferenceapidatasa.blob.core.windows.net/reference-data?restype=container&${sasToken}`
azure-blob-storage azure-sas
1个回答
0
投票

根据文档

here
,要签名的字符串的格式应为:

StringToSign = accountname + "\n" +  
    signedpermissions + "\n" +  
    signedservice + "\n" +  
    signedresourcetype + "\n" +  
    signedstart + "\n" +  
    signedexpiry + "\n" +  
    signedIP + "\n" +  
    signedProtocol + "\n" +  
    signedversion + "\n"

如果您注意到,您的代码中缺少 

signedIP
。请尝试将您的代码更改为如下所示:

var accountName = "reference-data";
var signedPermissions = "rwl";
var signedService = "b";
var signedStart = start;
var signedExpiry = end;
var signedIP = "";//add signed IP
var signedResourceType = "sc";
var signedProtocol = "https";
var signedVersion = "2023-11-03";

function generateSas(storageAccountKey, input) {
    input = decodeURI(input)
    const keyBytes = CryptoJS.enc.Base64.parse(storageAccountKey)
    const hash = CryptoJS.HmacSHA256(input, keyBytes)
    const hashB64 = CryptoJS.enc.Base64.stringify(hash)
    const hashB64UriEncoded = encodeURIComponent(hashB64)
    
    return hashB64UriEncoded
}

var stringToSign = accountName + "\n" +  
    signedPermissions + "\n" +  
    signedService + "\n" +  
    signedResourceType + "\n" +  
    signedStart + "\n" +  
    signedExpiry + "\n" +  
    signedIP + "\n" +
    signedProtocol + "\n" +  
    signedVersion + "\n"

var key = MY_KEY;

const sig = generateSas(key, stringToSign)
var sasToken = `sv=${signedVersion}&ss=${signedService}&srt=${signedResourceType}&sp=${signedPermissions}&st=${signedStart}&se=${signedExpiry}&spr=${signedProtocol}&sig=${sig}`;

var url = `https://devreferenceapidatasa.blob.core.windows.net/reference-data?restype=container&${sasToken}`
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.