如何获取Azure存储帐户密钥
[英]How to get Azure Storage Account Key
问题描述
I want to upload a file to an Azure Storage account that is automatically generated (As part of a Service Fabric resource group, with a known name), using C#. 
我想使用C#将文件上传到自动生成的Azure存储帐户(作为Service Fabric资源组的一部分,具有已知名称)。
I need to upload the file as a blob to allow it to be publicly available. 我需要将文件上传为Blob,以使其可以公开使用。
The tutorial Get started with Azure Blob storage using .NET uses a connection string stored in the App.config file. 使用.NET入门Azure Blob存储教程使用了存储在App.config文件中的连接字符串。 Since I want to use the to-be-generated storage account, I can't use such a method. 由于我要使用要生成的存储帐户,因此无法使用这种方法。
The prefered method is using the user's AD somehow in order to get the key of the storage account. 首选方法是以某种方式使用用户的AD来获取存储帐户的密钥。
This link: Get Storage Account Key shows how to GET it with a Rest request, so I guess there is a way to do it using C# code. 此链接: 获取存储帐户密钥显示了如何通过Rest请求获取它,因此我想有一种使用C#代码进行存储的方法。
It seems to me, that the solution is using the StorageManagementClient class , which has a StorageAccounts property, though I could not find a way to authenticate it using AzureAd. 在我看来,该解决方案使用的是StorageManagementClient 类 , 该类具有StorageAccounts属性,尽管我找不到使用AzureAd对其进行身份验证的方法。
I tried using AuthenticationContext.AcquireTokenAsync , and aquiring a token for diffenent resources, for instance: https://management.azure.com/ , but when using the token, I get the following error: 我尝试使用AuthenticationContext.AcquireTokenAsync ,并为不同的资源获取令牌,例如: https://management.azure.com/ : https://management.azure.com/ ,但是使用令牌时,出现以下错误:
Microsoft.WindowsAzure.CloudException: AuthenticationFailed: The JWT token does not contain expected audience uri 'https://management.core.windows.net/'.
When using the resource https://management.core.windows.net/ I get a different error: 使用资源https://management.core.windows.net/出现另一个错误:
Microsoft.WindowsAzure.CloudException: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
Is there a different resource I should use, different method, or maybe it's impossible? 我应该使用不同的资源,不同的方法,还是不可能?
1 个解决方案
解决方案1
3 已采纳 2016-12-16 10:19:49
To use the Storage Service Management REST , we need to specify the resource to https://management.core.windows.net/ instead of https://management.azure.com/ . 要使用Storage Service Management REST ,我们需要将资源指定为https://management.core.windows.net/而不是https://management.azure.com/ 。 And this is using the operate the classic storage account. 而这是使用经典存储帐户的操作。
The https://management.azure.com/ is the new endpoint for the Azure REST service . https://management.azure.com/是Azure REST服务的新终结点。 If you want to handle the new storage account, you need to use this resource. 如果要处理新的存储帐户,则需要使用此资源。 And below is a sample using the new Azure REST for your reference: 下面是使用新的Azure REST的示例供您参考:
POST: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resrouceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}/listKeys?api-version=2016-01-01
Authorization: Bearer {token}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.