我已设法生成服务 SAS 来列出容器中的 blob,但是我无法使用帐户 SAS 获取容器属性,这是我得到的错误:
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:63a5ec3b-601e-0016-4e07-4a125b000000
Time:2024-01-18T12:08:26.1877828Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was devreferenceapidatasa
rwl
b
sc
2024-01-18T12:07:27Z
2024-01-18T12:17:27Z
https
2023-11-03
</AuthenticationErrorDetail>
</Error>
我已遵循 Azure 文档: https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas https://learn.microsoft.com/en-us/rest/api/storageservices/get-container-properties?tabs=microsoft-entra-id
这是我的JS代码
var accountName = "reference-data";
var signedPermissions = "rwl";
var signedService = "b";
var signedStart = start;
var signedExpiry = end;
var signedResourceType = "sc";
var signedProtocol = "https";
var signedVersion = "2023-11-03";
function generateSas(storageAccountKey, input) {
input = decodeURI(input)
const keyBytes = CryptoJS.enc.Base64.parse(storageAccountKey)
const hash = CryptoJS.HmacSHA256(input, keyBytes)
const hashB64 = CryptoJS.enc.Base64.stringify(hash)
const hashB64UriEncoded = encodeURIComponent(hashB64)
return hashB64UriEncoded
}
var stringToSign = accountName + "\n" +
signedPermissions + "\n" +
signedService + "\n" +
signedResourceType + "\n" +
signedStart + "\n" +
signedExpiry + "\n" +
signedProtocol + "\n" +
signedVersion + "\n"
var key = MY_KEY;
const sig = generateSas(key, stringToSign)
var sasToken = `sv=${signedVersion}&ss=${signedService}&srt=${signedResourceType}&sp=${signedPermissions}&st=${signedStart}&se=${signedExpiry}&spr=${signedProtocol}&sig=${sig}`;
var url = `https://devreferenceapidatasa.blob.core.windows.net/reference-data?restype=container&${sasToken}`
here
,要签名的字符串的格式应为:
StringToSign = accountname + "\n" +
signedpermissions + "\n" +
signedservice + "\n" +
signedresourcetype + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n"
如果您注意到,您的代码中缺少
signedIP
。请尝试将您的代码更改为如下所示:
var accountName = "reference-data";
var signedPermissions = "rwl";
var signedService = "b";
var signedStart = start;
var signedExpiry = end;
var signedIP = "";//add signed IP
var signedResourceType = "sc";
var signedProtocol = "https";
var signedVersion = "2023-11-03";
function generateSas(storageAccountKey, input) {
input = decodeURI(input)
const keyBytes = CryptoJS.enc.Base64.parse(storageAccountKey)
const hash = CryptoJS.HmacSHA256(input, keyBytes)
const hashB64 = CryptoJS.enc.Base64.stringify(hash)
const hashB64UriEncoded = encodeURIComponent(hashB64)
return hashB64UriEncoded
}
var stringToSign = accountName + "\n" +
signedPermissions + "\n" +
signedService + "\n" +
signedResourceType + "\n" +
signedStart + "\n" +
signedExpiry + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedVersion + "\n"
var key = MY_KEY;
const sig = generateSas(key, stringToSign)
var sasToken = `sv=${signedVersion}&ss=${signedService}&srt=${signedResourceType}&sp=${signedPermissions}&st=${signedStart}&se=${signedExpiry}&spr=${signedProtocol}&sig=${sig}`;
var url = `https://devreferenceapidatasa.blob.core.windows.net/reference-data?restype=container&${sasToken}`