我正在使用 SAS 尝试使用 php 从私有(private) Azure 存储容器下载 blob。但它总是让我犯同样的错误。
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. ...
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used ... /blob/name/container/archive.jpg
</AuthenticationErrorDetail>
</Error>
这是我的代码:
static private function getSASForBlob($accountName,$containerName, $fileName, $resourceType, $permissions, $expiry) {
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName;
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true)
);
}
static public function getBlobDownloadUrl($container,$blob,$accountName,$key){
/* Create the signed query part */
$resourceType='b';
$permissions='r';
/*$expTime_utc = new DateTime(null, new DateTimeZone("UTC"));
$expTime_utc->add(new DateInterval('PT1H'));
$expiry=$expTime_utc->format('Y-m-d\TH:i:s\Z');*/
$expiry = date('Y-m-d\TH:i:s\Z', strtotime('+1 day'));
$_signature=AzureServices::getSASForBlob($accountName,$key,$container, $blob, $resourceType, $permissions, $expiry);
$_parts = array();
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = "sv=2015-04-05";
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
我尝试按照相同的结构将日期更改为 DateTime,在“$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName” 行中添加和删除“/”。 ..但是什么也没发生,显示了相同的错误消息...... 请帮我。 谢谢
最佳答案
由于您在2015-04-05
中使用了signedversion
,所以除了@Gaurav Mantri的答案之外,还有一点您需要注意,是根据https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx中构建签名字符串部分的描述:
Version 2015-04-05 adds support for the signed IP and signed protocol fields. These must be included in the string-to-sign. To construct the string-to-sign for Blob or File service resources, use the following format:
StringToSign = signedpermissions + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
canonicalizedresource + "\n" +
signedidentifier + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n" +
rscc + "\n" +
rscd + "\n" +
rsce + "\n" +
rscl + "\n" +
rsct
所以我们需要将函数getSASForBlob
中的$_arraysign
修改为:
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/blob/' . $accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
如有任何进一步的疑问,请随时告诉我。
关于php - 使用 php 的 Azure 共享访问签名错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37556827/