[英]Authorization of Azure Storage service REST API
I've been stuck for the whole day making my first call of Azure Storage REST API. 我整天忙于第一次拨打Azure Storage REST API。 Postman's response showed that it's due to error in Azure authentication, but I have no idea what's the problem.
邮递员的回复表明,这是由于Azure身份验证中的错误所致,但我不知道出了什么问题。
Here is the browser script to send Azure Storage REST API: 这是发送Azure存储REST API的浏览器脚本:
function azureListContainers() {
var key = "key-copied-from-azure-storage-account";
var strTime = (new Date()).toUTCString();
var strToSign = 'GET\n\n\n\nx-ms-date:' + strTime + '\nx-ms-version:2015-12-11\n/myaccount/?comp=list';
var hash = CryptoJS.HmacSHA256(strToSign, key);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = "SharedKeyLite myaccount:"+hashInBase64;
console.log(strToSign);
console.log(auth);
console.log(strTime);
$.ajax({
type: "GET",
beforeSend: function (request)
{
request.setRequestHeader("Authorization", auth);
request.setRequestHeader("x-ms-date", strTime);
request.setRequestHeader("x-ms-version", "2015-12-11");
},
url: "https://myaccount.blob.core.windows.net/?comp=list",
processData: false,
success: function(msg) {
console.log(msg);
}
});
}
Chrome Developer Tool just returned No 'Access-Control-Allow-Origin' header without further reason, so I copied the contents of var auth
and var strTime
, created the same request using Postman tool: Chrome开发人员工具刚刚返回
var strTime
-Control-Allow-Origin'标头,没有其他原因,因此我复制了var auth
和var strTime
的内容,并使用Postman工具创建了相同的请求:
[Command]
GET https://myaccount.blob.core.windows.net/?comp=list
[Headers]
Authorization:SharedKeyLite myaccount:Z9/kY/D+osJHHz3is+8yJRqhj09VUlr5n+PlePUa8Lk=
x-ms-date:Tue, 09 Aug 2016 10:30:49 GMT
x-ms-version:2015-12-11
[Response Body]
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:9be3d595-0001-0012-4929-f2fde2000000
Time:2016-08-09T10:31:52.6542965Z</Message>
<AuthenticationErrorDetail>The MAC signature found in the HTTP request 'Z9/kY/D+osJHHz3is+8yJRqhj09VUlr5n+PlePUa8Lk=' is not the same as any computed signature. Server used following string to sign: 'GET
x-ms-date:Tue, 09 Aug 2016 10:30:49 GMT
x-ms-version:2015-12-11
/myaccount/?comp=list'.</AuthenticationErrorDetail>
</Error>
After diff the two strings, I believe var strToSign
in my script is the same as the string Azure used to sign. 对两个字符串进行比较后,我相信脚本中的
var strToSign
与Azure用于签名的字符串相同。 But still there was an authentication error. 但是仍然存在验证错误。 Please help indicate what's the problem.
请帮助指出问题所在。
Chrome Developer Tool just returned No 'Access-Control-Allow-Origin' header
Chrome开发者工具刚刚返回No'Access-Control-Allow-Origin'标头
As you are using javascript to send http requests against to Azure Storage Server directly from client. 当您使用javascript直接从客户端向Azure存储服务器发送http请求时。 It's a common CORS issue.
这是一个常见的CORS问题。
When you occur this issue, you can enable the CORS for your storage services . 发生此问题时,可以为存储服务启用CORS 。 For simple, you can leverage Microsoft Azure Storage Explorer to configure your storage.
简单来说,您可以利用Microsoft Azure存储资源管理器来配置存储。
AuthenticationFailed
AuthenticationFailed
I did two modifications based on your code snippet, in my test project to make it work. 我在测试项目中根据您的代码片段进行了两次修改,以使其正常工作。
var hash = CryptoJS.HmacSHA256(strToSign, key);
The second parameter, should be a base64 decode from the account key, refer to the Azure Storage SDK for node.js SharedKey
scheme and authenticate with SharedKey
token to make your scenario to work. SharedKey
方案并使用SharedKey
令牌进行身份验证才能使您的方案正常工作。 Here is my test code snippet, FYI., 这是我的测试代码段,仅供参考。
var key = "key-copied-from-azure-storage-account";
var strTime = (new Date()).toUTCString();
var strToSign = 'GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:' + strTime + '\nx-ms-version:2015-12-11\n/<accountname>/\ncomp:list';
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = "SharedKey <accountname>:"+hashInBase64;
Additionally, for security reason, please implement the Azure Storage Services in backend web server. 此外,出于安全原因,请在后端Web服务器中实施Azure存储服务。 As using pure javascript on client, will expose your account name and account key to public, which will raise the risk to your data and info.
在客户端上使用纯JavaScript时,会将您的帐户名和帐户密钥公开给公众,这将增加您的数据和信息的风险。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.