none
[SAS 下载blob] string-to-sign 中资源格式 RRS feed

  • 问题

  • 你好!

    在调试使用SAS签名进行blob的下载,发现签名的资源格式并不是

    https://msdn.microsoft.com/zh-cn/library/azure/dn140256.aspx

    中给出的 "blob/myaccount/pictures/profile.jpg" 的形式。blob前面需要有一个"/"。我使用的签名版本是 2015-04-05,如果没有"/" 会提示

    Signature did not match. String to sign used was r

    2016-01-10T07:11:28Z
    /blob/anyshare/develop-test/a734fbfd-408e-41e1-af09-f71d56d06c5d/B3C1EF733D6043088D80F53F38E06F3D/568493062E934C5086532081C87471E2
    (后面省略)

    这个问题是实现与文档描述不一致,还是我看的示例和使用的版本之间不统一。如果我看的示例版本是不对的,能不能给出正确的链接?

    谢谢!

    2016年1月10日 9:34

答案

  • Hi,

    经过我的测试我们的确需要在blob/myaccount/pictures/profile.jpg前加“/”。

    下面是我测试时下载test blob下Capture.PNG图片的代码:

     public static string GenerateSAS()
            {
                string sas = "";         
                string accountName = "";
                string accountKey = "";
                string signedpermissions = "r";
                string signedstart = DateTime.UtcNow.ToString("O");
                string signedexpiry = DateTime.UtcNow.AddDays(1).ToString("O");
                string canonicalizedresource = "/blob/"+accountName+"/test/Capture.PNG";
                string signedidentifier = "";
                string signedversion = "2015-04-05";
                string rscc = "";
                string rscd = "file; attachment";
                string rsce = "";
                string rscl = "";
                string rsct = "binary";
    
    
                string StringToSign = signedpermissions + "\n" +
                   signedstart + "\n" +
                   signedexpiry + "\n" +
                   canonicalizedresource + "\n" +
                   signedidentifier + "\n" +
                   "" + "\n" +
                   "" + "\n" +
                   signedversion + "\n" +
                   rscc + "\n" +
                   rscd + "\n" +
                   rsce + "\n" +
                   rscl + "\n" +
                   rsct;
                byte[] SignatureBytes = System.Text.Encoding.UTF8.GetBytes(StringToSign);
                System.Security.Cryptography.HMACSHA256 SHA256 = new System.Security.Cryptography.HMACSHA256(Convert.FromBase64String(accountKey));
                string sig = Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));
    
                string sasURL = string.Format("http://{0}.blob.core.windows.net/test/Capture.PNG?sv={1}&sr={2}&sig={3}&st={4}&se={5}&sp={6}&rscd={7}&rsct={8}",
                     HttpUtility.UrlEncode(accountName),,
                    HttpUtility.UrlEncode(signedversion),
                    HttpUtility.UrlEncode("b"),
                    HttpUtility.UrlEncode(sig),
                    HttpUtility.UrlEncode(signedstart),
                    HttpUtility.UrlEncode(signedexpiry),
                    HttpUtility.UrlEncode(signedpermissions),
                      HttpUtility.UrlEncode(rscd),
                    HttpUtility.UrlEncode(rsct)
                    );
    
    
                return sas;
            }

    我将把文档中出现的问题Report到相关的团队,对你造成的困扰,深感抱歉。

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    2016年1月11日 7:57
    版主

全部回复

  • Hi,

    文档上确实没有“/”, 签名不匹配可能有多个因素,若改成:blob/myaccount/pictures/profile.jpg 你能用SAS签名下载文件?我将在本地测试进一步确认是否文档有错误。如果你有任何发现,也欢迎继续回帖。

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    2016年1月11日 5:26
    版主
  • 去掉"/"后无法下载,下面是服务器返回的完整异常消息(我还不能发图)。blob/... 前有"/"

    <Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
    RequestId:61c34542-0001-0021-0835-4c07cf000000
    Time:2016-01-11T05:58:04.5965055Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was r

    2016-01-11T06:10:58Z
    /blob/anyshare/develop-test/a734fbfd-408e-41e1-af09-f71d56d06c5d/B3C1EF733D6043088D80F53F38E06F3D/568493062E934C5086532081C87471E2



    2015-04-05

    attachment; filename*=utf-8''80.177.4.txt


    </AuthenticationErrorDetail></Error>

    2016年1月11日 6:02
  • Hi,

    经过我的测试我们的确需要在blob/myaccount/pictures/profile.jpg前加“/”。

    下面是我测试时下载test blob下Capture.PNG图片的代码:

     public static string GenerateSAS()
            {
                string sas = "";         
                string accountName = "";
                string accountKey = "";
                string signedpermissions = "r";
                string signedstart = DateTime.UtcNow.ToString("O");
                string signedexpiry = DateTime.UtcNow.AddDays(1).ToString("O");
                string canonicalizedresource = "/blob/"+accountName+"/test/Capture.PNG";
                string signedidentifier = "";
                string signedversion = "2015-04-05";
                string rscc = "";
                string rscd = "file; attachment";
                string rsce = "";
                string rscl = "";
                string rsct = "binary";
    
    
                string StringToSign = signedpermissions + "\n" +
                   signedstart + "\n" +
                   signedexpiry + "\n" +
                   canonicalizedresource + "\n" +
                   signedidentifier + "\n" +
                   "" + "\n" +
                   "" + "\n" +
                   signedversion + "\n" +
                   rscc + "\n" +
                   rscd + "\n" +
                   rsce + "\n" +
                   rscl + "\n" +
                   rsct;
                byte[] SignatureBytes = System.Text.Encoding.UTF8.GetBytes(StringToSign);
                System.Security.Cryptography.HMACSHA256 SHA256 = new System.Security.Cryptography.HMACSHA256(Convert.FromBase64String(accountKey));
                string sig = Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));
    
                string sasURL = string.Format("http://{0}.blob.core.windows.net/test/Capture.PNG?sv={1}&sr={2}&sig={3}&st={4}&se={5}&sp={6}&rscd={7}&rsct={8}",
                     HttpUtility.UrlEncode(accountName),,
                    HttpUtility.UrlEncode(signedversion),
                    HttpUtility.UrlEncode("b"),
                    HttpUtility.UrlEncode(sig),
                    HttpUtility.UrlEncode(signedstart),
                    HttpUtility.UrlEncode(signedexpiry),
                    HttpUtility.UrlEncode(signedpermissions),
                      HttpUtility.UrlEncode(rscd),
                    HttpUtility.UrlEncode(rsct)
                    );
    
    
                return sas;
            }

    我将把文档中出现的问题Report到相关的团队,对你造成的困扰,深感抱歉。

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    2016年1月11日 7:57
    版主
  • 谢谢! 回复很及时 :)
    2016年1月11日 8:06