none
如何构造Azure存储的签名验证~~ RRS feed

  • 问题

  • 各位好,

    最近在尝试用JS去调用Blob中的文件和资源,但是涉及到安全问题,我想使用SAS签名在我的url请求中,有没有哪位大神有这方面的代码或者思路,给分享下,万分感激~~

    2014年12月4日 9:19

答案

  • 您好 FlexAs,

    感谢您对Azure的支持。

    首先,关于如何构造SAS,我认为您需要查看下SAS的规则,详情请查看:

    http://msdn.microsoft.com/en-us/library/dn140255.aspx

    您需要在js中构造出类似于这样的字符串:

    StringToSign = signedpermissions + "\n"
                   signedstart + "\n"
                   signedexpiry + "\n"
                   canonicalizedresource + "\n"
                   signedidentifier + "\n"
                   signedversion + "\n"
                   rscc + "\n"
                   rscd + "\n"
                   rsce + "\n"
                   rscl + "\n"
                   rsct

    其次,您在对这个字符串进行加密的过程中,需要用到SHA256加密,可参考这段代码:

    function generateSignature(base64EncodedSharedKey, startTime, endTime, account, container, blobName) {  
       var stringToSign = "rn{0}n{1}n/{2}/{3}/{4}n"  
          .replace(/{0}/, startTime.toIso8061())  
          .replace(/{1}/, endTime.toIso8061())  
          .replace(/{2}/, account)  
          .replace(/{3}/, container)  
          .replace(/{4}/, blobName);  
       var accessKeyBytes = Crypto.util.base64ToBytes(base64EncodedSharedKey);  
       return Crypto.util.bytesToBase64(Crypto.HMAC(Crypto.SHA256, stringToSign, accessKeyBytes, { asBytes: true }));  
    }  

    另外,可参考MSDN官方示例:

    http://msdn.microsoft.com/en-us/library/dn140256.aspx

    在使用JS调用RestAPI的过程中,可将这段SAS的编码加到原有URL的后面,使用httprequest或者是Ajax去请求,同事加上request headers。

    Regards,

    Will


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    2014年12月5日 1:48
    版主

全部回复

  • 您好 FlexAs,

    感谢您对Azure的支持。

    首先,关于如何构造SAS,我认为您需要查看下SAS的规则,详情请查看:

    http://msdn.microsoft.com/en-us/library/dn140255.aspx

    您需要在js中构造出类似于这样的字符串:

    StringToSign = signedpermissions + "\n"
                   signedstart + "\n"
                   signedexpiry + "\n"
                   canonicalizedresource + "\n"
                   signedidentifier + "\n"
                   signedversion + "\n"
                   rscc + "\n"
                   rscd + "\n"
                   rsce + "\n"
                   rscl + "\n"
                   rsct

    其次,您在对这个字符串进行加密的过程中,需要用到SHA256加密,可参考这段代码:

    function generateSignature(base64EncodedSharedKey, startTime, endTime, account, container, blobName) {  
       var stringToSign = "rn{0}n{1}n/{2}/{3}/{4}n"  
          .replace(/{0}/, startTime.toIso8061())  
          .replace(/{1}/, endTime.toIso8061())  
          .replace(/{2}/, account)  
          .replace(/{3}/, container)  
          .replace(/{4}/, blobName);  
       var accessKeyBytes = Crypto.util.base64ToBytes(base64EncodedSharedKey);  
       return Crypto.util.bytesToBase64(Crypto.HMAC(Crypto.SHA256, stringToSign, accessKeyBytes, { asBytes: true }));  
    }  

    另外,可参考MSDN官方示例:

    http://msdn.microsoft.com/en-us/library/dn140256.aspx

    在使用JS调用RestAPI的过程中,可将这段SAS的编码加到原有URL的后面,使用httprequest或者是Ajax去请求,同事加上request headers。

    Regards,

    Will


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    2014年12月5日 1:48
    版主
  • 请问下,您的Crypto 是怎么来的,使用的是JS的库吗?
    2014年12月5日 2:10
  • 是的,您可以在网络上寻找一些官方的js库引入到您的项目中,对sas进行加密。

    关于这个case,您也可参照该文档:

    http://msdn.microsoft.com/zh-cn/library/azure/dn495627.aspx

    Regards,

    Will


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    2014年12月5日 2:14
    版主
  • 明白了,是这样的, 多谢您的分享~~
    2014年12月5日 2:26