我无法访问 Azure blob 存储
[英]I'm unable to access Azure blob storage
问题描述
I have created Azure Storage account, inside storage account created container and uploaded files to my container.
我创建了 Azure 存储帐户,在存储帐户内创建了容器并将文件上传到我的容器。
When I tried to access the Container from browser.当我试图从浏览器访问容器时。 Getting: This request is not authorized to perform this operation .正在获取:此请求无权执行此操作。 ,Assigned Storage blob Contributer and also Storage Blob Owner but same issue. ,已分配存储 blob 贡献者和存储 Blob 所有者,但问题相同。
2 个解决方案
解决方案1
0 2022-12-27 07:19:36
I tried to reproduce the same in my environment to access the blob Storage.我试图在我的环境中重现相同的内容以访问 blob 存储。 As I got below正如我在下面
I created storage account with container, like below.我使用容器创建了存储帐户,如下所示。
Azure Portal > Storage accounts > Create a Storage Account Azure 传送门 > 存储账户 > 创建存储账户
Note: If you want to access Azure Blob from public Inte.net, Select Enable public access from all.networks under Networking section or if you select Enable public access from selected Virtual.network and IP Address, it will access only particular Virtual Network.
**Container Creation: ** **容器创建:**
Azure Storage Account > Containers > Container > Azure 存储账户 > 容器 > 容器 >
Assigned Storage Blob Data Contributor to my storage account, Like below.将存储 Blob 数据贡献者分配给我的存储帐户,如下所示。
Azure Storage Account > Select your Storage Account > Access Control (IAM)> Add > Add role Assignment > Storage Blob Data Contributor . Azure Storage Account > Select 你的 Storage Account > Access Control (IAM) > Add > Add role Assignment > Storage Blob Data Contributor 。
My blob is accessible over the Public Inte.net我的 blob 可以通过 Public Inte.net 访问
解决方案2
0 2023-01-13 10:10:58
Those files/container are private, this means only authorised users can access to them.这些文件/容器是私有的,这意味着只有授权用户才能访问它们。 To access a particular file with your browser, you need to grant permissions to that file.要使用浏览器访问特定文件,您需要授予该文件的权限。 One of many solutions is to use SAS token (Shared Access Signature).许多解决方案之一是使用 SAS 令牌(共享访问签名)。 In resume, this will generate a url with a token and this url can be pasted in a browser to access the file.在简历中,这将生成带有令牌的 url,可以将此 url 粘贴到浏览器中以访问该文件。
SAS token can be configured at some levels: SAS 令牌可以在某些级别进行配置:
- User delegation用户授权
- Service服务
- Account帐户
One of the benefits (it has a lot more) of SAS token is that you can define an expiration policy for that SAS token, so it not be externally accesible for eternity. SAS 令牌的好处之一(它还有很多)是您可以为该 SAS 令牌定义一个过期策略,因此它不能永远从外部访问。
You should configure Share Access Policies if those files have sensible content or block some paths to protect them from external access.如果这些文件具有敏感内容或阻止某些路径以保护它们免受外部访问,您应该配置共享访问策略。
Please, refer to the official documentation for more info about SAS Token usage:有关 SAS Token 使用的更多信息,请参阅官方文档:
Grant limited access to Azure Storage resources using SAS 使用 SAS 授予对 Azure 存储资源的有限访问权限
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.