Azure - 为列表blob调用Storage rest api

Question

What I am trying to do is connect to the Azure Storage Rest API List Blobs. Ref: http://msdn.microsoft.com/en-us/library/windowsazure/dd135734.aspx

I have tried to follow http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx in order to specify the authorization header however I get a 403 error - forbidden.

Code:

Uri address = new Uri("https://account.blob.core.windows.net/$logs?restype=container&comp=list");
HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(address);
req.Headers["x-ms-date"] = "2013-09-04";
req.Headers["x-ms-version"] = "2012-02-12";
req.Method = "GET";

string StringToSign =  "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: 2013-09-04\nx-ms-version:2012-02-12\n" // headers
    + "/account/blob\ncomp:list\nrestype:container"; // resources

string accountName = "account";
string key = Convert.ToBase64String(Encoding.Default.GetBytes(StringToSign));
req.Headers["Authorization"] = string.Format("SharedKey {0}:{1}", accountName, key);

HttpWebResponse resp = req.GetResponse() as HttpWebResponse;

Can anyone see any mistakes? Is there a tool which can generate the key? One thing I am not sure of is I am encoding/hashing the string correctly.

Thanks, Andrew

Update with latest code. This code gives me a Forbidden error.

DateTime dt = DateTime.UtcNow;
string StringToSign = "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: " + dt.ToString("R") + "\nx-ms-version:2012-02-12\n" // headers
    + "/account/$logs\ncomp:list\nrestype:container";

string auth = SignThis(StringToSign, "accountkey", "account");
string method = "GET";
string urlPath = "https://account.blob.core.windows.net/$logs?restype=container&comp=list";
Uri uri = new Uri(urlPath);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
request.Method = method;
request.Headers.Add("x-ms-date", dt.ToString("R"));
request.Headers.Add("x-ms-version", "2012-02-12");
request.Headers.Add("Authorization", auth);

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
}

Answer 1

There are some issues with the code above. But before that, first thing you would need is the key for your storage account. You can get it from Windows Azure Portal. Click on the storage account name in the portal and then click on "MANAGE ACCESS KEYS" as shown in the screenshot below:

Now for the issues:

The way you're creating the authorization header is incorrect. For creating the authorization header, you would need account name, account key and StringToSign from your code above. Try this code:

private static String SignThis(String StringToSign, string Key, string Account)
        {
            String signature = string.Empty;
            byte[] unicodeKey = Convert.FromBase64String(Key);
            using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(canonicalizedString);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
            }

            String authorizationHeader = String.Format(
                  CultureInfo.InvariantCulture,
                  "{0} {1}:{2}",
                  "SharedKey",
                  Account,
                  signature);

            return authorizationHeader;
        }

The function above will provide authorization header which you would need to pass as authorization.

2nd thing I noticed was that in the code for StringToSign , you're not passing the container name. So your StringToSign should be:

string StringToSign =  "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: 2013-09-04\nx-ms-version:2012-02-12\n" // headers
    + "/account/$logs\ncomp:list\nrestype:container"; // resources 

You mentioned that you're quite new to Windows Azure. If I may suggest - implementing REST API has been done by a number of folks earlier also. Please take a look at what they have done instead of trying to do the same thing again. You may find these links useful:

http://convective.wordpress.com/2010/08/18/examples-of-the-windows-azure-storage-services-rest-api/

http://azurestoragesamples.codeplex.com/ - Look at the REST API implementation in this project.

UPDATE

Here's the working code (just change the account name, key and the container name)

static void ListContainers()
{
    string Account = "account";
    string Key = "key";
    string Container = "$logs";
    DateTime dt = DateTime.UtcNow;
    string StringToSign = String.Format("GET\n"
        + "\n" // content encoding
        + "\n" // content language
        + "\n" // content length
        + "\n" // content md5
        + "\n" // content type
        + "\n" // date
        + "\n" // if modified since
        + "\n" // if match
        + "\n" // if none match
        + "\n" // if unmodified since
        + "\n" // range
        + "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:2012-02-12\n" // headers
        + "/{0}/{1}\ncomp:list\nrestype:container", Account, Container);

    string auth = SignThis(StringToSign, Key, Account);
    string method = "GET";
    string urlPath = string.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list", Account, Container);
    Uri uri = new Uri(urlPath);
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    request.Method = method;
    request.Headers.Add("x-ms-date", dt.ToString("R"));
    request.Headers.Add("x-ms-version", "2012-02-12");
    request.Headers.Add("Authorization", auth);

    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    {
    }
}

Hope this helps.