我曾经能够使用 v11 Azure SDK API 在 Blob 上创建共享访问签名,如下所示:
var containerName = "mycontainer";
var blobName = "myblob";
CloudStorageAccount storageAccount
= CloudStorageAccount.Parse(<StorageConnectionString>);
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
SharedAccessBlobPermissions permission = SharedAccessBlobPermissions.Read;
TimeSpan clockSkew = TimeSpan.FromMinutes(15d);
TimeSpan accessDuration = TimeSpan.FromMinutes(15d);
var blobSAS = new SharedAccessBlobPolicy
{
SharedAccessStartTime = DateTime.UtcNow.Subtract(clockSkew),
SharedAccessExpiryTime = DateTime.UtcNow.Add(accessDuration) + clockSkew,
Permissions = permissions
};
CloudBlockBlob blob = container.GetBlockBlobReference(blobName);
string sasBlobToken = blob.GetSharedAccessSignature(blobSAS);
...
我想使用最新的 v12 .NET API,该 API 似乎将 CloudBlobClient 替换为 BlobServiceClient,将 CloudBlobContainer 替换为 BlobContainerClient code> 和 CloudBlockBlob 由 BlobClient 提供。
但是,在 CloudBlockBlob 实例上可用的方法 GetSharedAccessSignature 在 BlobClient 实例上不可用。
问题
如何使用最新的 Azure SDK .NET API v12 从 BlobClient 实例获取共享访问签名?
最佳答案
Sajeetharan 的回答让我寻找 BlobSasBuilder类,它确实存在。
以下是我如何在服务器上构建一个:
// Creates a client to the BlobService using the connection string.
var blobServiceClient = new BlobServiceClient(storageConnectionString);
// Gets a reference to the container.
var blobContainerClient = blobServiceClient.GetBlobContainerClient(<ContainerName>);
// Gets a reference to the blob in the container
BlobClient blobClient = containerClient.GetBlobClient(<BlobName>);
// Defines the resource being accessed and for how long the access is allowed.
var blobSasBuilder = new BlobSasBuilder
{
StartsOn = DateTime.UtcNow.Subtract(clockSkew),
ExpiresOn = DateTime.UtcNow.Add(accessDuration) + clockSkew,
BlobContainerName = <ContainerName>,
BlobName = <BlobName>,
};
// Defines the type of permission.
blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
// Builds an instance of StorageSharedKeyCredential
var storageSharedKeyCredential = new StorageSharedKeyCredential(<AccountName>, <AccountKey>);
// Builds the Sas URI.
BlobSasQueryParameters sasQueryParameters = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential);
以下是如何在客户端使用它:
// Builds the URI to the blob storage.
UriBuilder fullUri = new UriBuilder()
{
Scheme = "https",
Host = string.Format("{0}.blob.core.windows.net", <AccountName>),
Path = string.Format("{0}/{1}", <ContainerName>, <BlobName>),
Query = sasQueryParameters.ToString()
};
// Get an instance of BlobClient using the URI.
var blobClient = new BlobClient(fullUri.Uri, null);
// Upload stuff in the blob.
await blobClient.UploadAsync(stream);
附录
正如@one2012在评论中提到的,a page has been put up few months later在这个答案之后展示了 Azure.Storage 命名空间中找到的所有功能。该链接对于获取更多信息很有用。
更新
在服务器端,我有一个 Azure Function,它现在将 Azure 存储与该函数的托管标识连接起来。当我连接存储时,我不再使用帐户,仅使用存储的端点:
BlobContainerClient blobContainerClient = new(new Uri(containerEndpoint), new DefaultAzureCredential());
这使得初始服务器代码的以下部分变得有点棘手,因为我曾经使用 CloudStorageAccount.Credentials.GetExportKeys() 方法来获取帐户的 key 。使用托管身份时,我似乎无法再访问它:
// Builds an instance of StorageSharedKeyCredential
var storageSharedKeyCredential = new StorageSharedKeyCredential(<AccountName>, <AccountKey>);
事实证明我必须使用 User Delegation构建 SAS Uri:
...
BlobServiceClient blobServiceClient = blobClient.GetParentBlobContainerClient().GetParentBlobServiceClient();
UserDelegationKey userDelegationKey = await blobServiceClient.GetUserDelegationKeyAsync
(
DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddMinutes(5d)
);
BlobUriBuilder blobUriBuilder = new (blobClient.Uri)
{
// Specify the user delegation key.
Sas = blobSasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
};
string uri = blobUriBuilder.ToUri();
关于c# - 如何使用最新的 Azure SDK .NET API v12 在 Blob 上获取共享访问签名?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59118346/