我正在通过 CloudStorageAccount 生成 SAS像这样:
var sharedAccessAccountPolicy = new SharedAccessAccountPolicy
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1),
Protocols = SharedAccessProtocol.HttpsOnly
};
return cloudStorageAccount.GetSharedAccessSignature(sharedAccessAccountPolicy);
问题是,当我将 SAS 附加到 blob URL 并将生成的字符串粘贴到浏览器中时,我得到 AuthenticationFailed (Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature)与 Signature did not match详细信息。
如果我在 Azure 门户(或 Azure 存储资源管理器)上生成 SAS,则 SAS 可以在浏览器中运行。我注意到 SDK 生成的 SAS 和门户生成的 SAS 之间存在差异。
- 门户显示
?sv=2019-02-02而 SDK 显示?sv=2018-03-28。有没有办法在 SDK 中手动配置它以匹配门户? - 门户添加
:SAS 到期日期,而 SDK 添加%3A。这有什么区别吗?
这是 SDK 的 URL 和 SAS token :
https://myaccount.blob.core.windows.net/mycontainer/giphy.gif?sv=2018-03-28&sig=<sigValue>&spr=https&st=2020-02-22T18%3A02%3A12Z&se=2021-02-22T18%3A02%3A12Z&srt=o&ss=b&sp=rw
页面来源:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:c662b297-e01e-0065-19ac-e9e3d0000000
Time:2020-02-22T18:17:24.7226395Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was myaccount
rw
b
o
2020-02-22T18:02:12Z
2120-02-22T18:02:12Z
https
2018-03-28
</AuthenticationErrorDetail></Error>
这是由门户生成的:
?sv=2019-02-02&ss=b&srt=o&sp=rw&se=2021-02-23T02:18:59Z&st=2020-02-22T18:18:59Z&spr=https&sig=<sigValue>
最佳答案
在浪费了很多时间试图找出根本原因后,我自己找到了答案。由于某种原因,必须将 $spr=https 子字符串添加到 token 的末尾。当客户端 SDK 生成 token 时,该子字符串会出现在开头并导致身份验证问题。
关于c# - Azure:SDK 生成的共享访问签名在浏览器中不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60354839/