我正在通过 CloudStorageAccount
生成 SAS像这样:
var sharedAccessAccountPolicy = new SharedAccessAccountPolicy
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1),
Protocols = SharedAccessProtocol.HttpsOnly
};
return cloudStorageAccount.GetSharedAccessSignature(sharedAccessAccountPolicy);
问题是,当我将 SAS 附加到 blob URL 并将生成的字符串粘贴到浏览器中时,我得到 AuthenticationFailed (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature)
与 Signature did not match
详细信息。
如果我在 Azure 门户(或 Azure 存储资源管理器)上生成 SAS,则 SAS 可以在浏览器中运行。我注意到 SDK 生成的 SAS 和门户生成的 SAS 之间存在差异。
- 门户显示
?sv=2019-02-02
而 SDK 显示?sv=2018-03-28
。有没有办法在 SDK 中手动配置它以匹配门户? - 门户添加
:
SAS 到期日期,而 SDK 添加%3A
。这有什么区别吗?
这是 SDK 的 URL 和 SAS token :
https://myaccount.blob.core.windows.net/mycontainer/giphy.gif?sv=2018-03-28&sig=<sigValue>&spr=https&st=2020-02-22T18%3A02%3A12Z&se=2021-02-22T18%3A02%3A12Z&srt=o&ss=b&sp=rw
页面来源:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:c662b297-e01e-0065-19ac-e9e3d0000000
Time:2020-02-22T18:17:24.7226395Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was myaccount
rw
b
o
2020-02-22T18:02:12Z
2120-02-22T18:02:12Z
https
2018-03-28
</AuthenticationErrorDetail></Error>
这是由门户生成的:
?sv=2019-02-02&ss=b&srt=o&sp=rw&se=2021-02-23T02:18:59Z&st=2020-02-22T18:18:59Z&spr=https&sig=<sigValue>
最佳答案
在浪费了很多时间试图找出根本原因后,我自己找到了答案。由于某种原因,必须将 $spr=https
子字符串添加到 token 的末尾。当客户端 SDK 生成 token 时,该子字符串会出现在开头并导致身份验证问题。
关于c# - Azure:SDK 生成的共享访问签名在浏览器中不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60354839/