[英]Getting error while generating SAS uri using latest azure version
this.container = new BlobContainerClient(new Uri(connectionString), new DefaultAzureCredential());
BlobServiceClient blobServiceClient = this.container.GetParentBlobServiceClient();
Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey = blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
foreach (DataRow row in dt.Rows)
{
string path = folderName + "/" + row.ItemArray[7] + "/" + row.ItemArray[0] + ".png";
BlobClient blobClient = this.container.GetBlobClient(path);
bool isexists = blobClient.Exists();
if(isexists)
{
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = blobClient.BlobContainerName,
BlobName = blobClient.Name,
Resource = "b",
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddDays(1)
};
// Specify read and write permissions for the SAS.
sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write);
// Add the SAS token to the blob URI.
BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
{
// Specify the user delegation key.
Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
};
}
}
I need to generate SAS uri for each blob but getting Authorization Mismatch error on GetUserDelegationKey Is there any access which is missing or anything else which I need to do.我需要为每个 blob 生成 SAS uri,但在 GetUserDelegationKey 上出现授权不匹配错误是否有任何丢失的访问权限或我需要做的任何其他事情。
I tried reproduce in my environment and got below results:我尝试在我的环境中重现并得到以下结果:
Authorisation mismatch error:
SAS
permission whether you are trying to do a write operation with a SAS which only permits read.SAS
权限是否尝试使用仅允许读取的 SAS 执行写入操作。RBAC
permissions Whether trying to do a write operation while user does not have necessary RBAC permissions on the object.RBAC
权限 是否在用户对 object 没有必要的 RBAC 权限时尝试执行写操作。 Also check the Access control(IAM) which is in storage blob contributor role
还要检查
storage blob contributor role
中的访问控制 (IAM)
Code:代码:
using Azure.Identity;
using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Blobs.Specialized;
using Azure.Storage.Sas;
namespace SAStoken
{
class Program
{
private static void Main()
{
var storageAccountUriString = $"https://storage1326.blob.core.windows.net";
var credential = new DefaultAzureCredential();
var blobServiceClient = new BlobServiceClient(new Uri(storageAccountUriString), credential);
var userDelegationKey = blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
var blobContainerClient = blobServiceClient.GetBlobContainerClient("container1"); //container name
var blobClient = blobContainerClient.GetBlobClient("folder1"); // my image blob name
var sasBuilder = new BlobSasBuilder()
{
BlobContainerName = blobClient.BlobContainerName,
BlobName = blobClient.Name,
Resource = "b", // b for blob, c for container
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddHours(4),
};
sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write); // read write permissions
BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
{
// Specify the user delegation key.
Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
};
Console.WriteLine("Blob user delegation SAS URI: {0}", blobUriBuilder);
}
}
}
Console:安慰:
Output: Output:
Reference: Create a user delegation SAS - Azure Storage |参考: 创建用户委托 SAS - Azure 存储 | Microsoft Learn
微软学习
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.