stackoom
  简体   繁体   中英

How to authenticate an azure storage api request using a storage account key in python?

 原文  2020-07-20 15:23:00       python/ azure/ authentication/ request

Question

I am trying to authenticate a get request to the azure storage api using the below python function however I am getting the following error:

<Response [403]>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

The url of the request I am trying to make is:

'https://{account name}.dfs.core.windows.net/{file system}?directory={directory}&recursive=False&resource=filesystem'

Documentation for the REST api: https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/path/list

Documentation on how to authenticate using account key: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

def get_shared_access_authorization(self, directory):
        directory = directory
        file_system_name = self.fileSystem
        storage_account_name = self.storageAccountName
        storage_account_key = self.accountKey
        request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

        string_params = {
            'verb': 'GET',
            'Content-Encoding': '',
            'Content-Language': '',
            'Content-Length': '',
            'Content-MD5': '',
            'Content-Type': '',
            'Date': '',
            'If-Modified-Since': '',
            'If-Match': '',
            'If-None-Match': '',
            'If-Unmodified-Since': '',
            'Range': '',
            'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
            'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name  + '\ndirectory:'+directory+'\nrecursive:false\nresource:filesystem'
        }

        string_to_sign = (string_params['verb'] + '\n'
                          + string_params['Content-Encoding'] + '\n'
                          + string_params['Content-Language'] + '\n'
                          + string_params['Content-Length'] + '\n'
                          + string_params['Content-MD5'] + '\n'
                          + string_params['Content-Type'] + '\n'
                          + string_params['Date'] + '\n'
                          + string_params['If-Modified-Since'] + '\n'
                          + string_params['If-Match'] + '\n'
                          + string_params['If-None-Match'] + '\n'
                          + string_params['If-Unmodified-Since'] + '\n'
                          + string_params['Range'] + '\n'
                          + string_params['CanonicalizedHeaders']
                          + string_params['CanonicalizedResource'])

        signed_string = base64.b64encode(
            hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
                     digestmod=hashlib.sha256).digest()).decode()

        headers = {
            'x-ms-date': request_time,
            'x-ms-version': '2018-11-09',
            'Authorization': ('SharedKeyLite ' + storage_account_name + ':' + signed_string)
        }

        return headers

I have checked that all inputs (directory, file system name, storage account name and account key) are correct. Any help would be greatly appreciated.

Update: I have tried using both 'SharedKey' and 'SharedKeyLite' in the auth header.

Update 2: The problem was solved by swapping from 'false' to 'False'. I have generalised the working function and included it below.

def get_shared_access_authorization(self, directory, file_system_name, storage_account_name, storage_account_key):

        request_time = datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

        string_params = {
            'verb': 'GET',
            'Content-Encoding': '',
            'Content-Language': '',
            'Content-Length': '',
            'Content-MD5': '',
            'Content-Type': '',
            'Date': '',
            'If-Modified-Since': '',
            'If-Match': '',
            'If-None-Match': '',
            'If-Unmodified-Since': '',
            'Range': '',
            'CanonicalizedHeaders': 'x-ms-date:' + request_time + '\nx-ms-version:' + '2018-11-09' + '\n',
            'CanonicalizedResource': '/' + storage_account_name + '/' + file_system_name  + '\ndirectory:'+directory+'\nrecursive:False\nresource:filesystem'
        }

        string_to_sign = (string_params['verb'] + '\n'
                          + string_params['Content-Encoding'] + '\n'
                          + string_params['Content-Language'] + '\n'
                          + string_params['Content-Length'] + '\n'
                          + string_params['Content-MD5'] + '\n'
                          + string_params['Content-Type'] + '\n'
                          + string_params['Date'] + '\n'
                          + string_params['If-Modified-Since'] + '\n'
                          + string_params['If-Match'] + '\n'
                          + string_params['If-None-Match'] + '\n'
                          + string_params['If-Unmodified-Since'] + '\n'
                          + string_params['Range'] + '\n'
                          + string_params['CanonicalizedHeaders']
                          + string_params['CanonicalizedResource'])

        signed_string = base64.b64encode(
            hmac.new(base64.b64decode(storage_account_key), msg=string_to_sign.encode('utf-8'),
                     digestmod=hashlib.sha256).digest()).decode()

        headers = {
            'x-ms-date': request_time,
            'x-ms-version': '2018-11-09',
            'Authorization': ('SharedKey ' + storage_account_name + ':' + signed_string)
        }

        return headers

1 answers

solution1
 0 ACCPTED  2020-07-20 15:38:58

Please try by changing SharedKeyLite to SharedKey authorization. Essentially change the following line of code:

'Authorization': ('SharedKeyLite ' + storage_account_name + ':' + signed_string)

to

'Authorization': ('SharedKey ' + storage_account_name + ':' + signed_string)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to get all storage account name and their access key of Azure using Python How to connect with Deltalake using Delalake python API using Azure Storage account connection string? How to create a azure storage account with minmum TLS version as 1.1 using python post api How do I authenticate the with the Google Storage SDK using a JSON service account key? Python: How to connect to Azure cloud storage using shared access key? Azure : Get classic storage account key using StorageManagementClient How do I authenticate a user against an Azure storage blob in python? Upload CSV file into Microsoft Azure storage account using python How to keep a folder synchronised with an Azure storage account in Python? How to programmatically retrieve the connection string from an Azure storage account in Python
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM