stackoom
  简体   繁体   中英

Is it possible to use Azure Shared Access Signature outside of Azure?

 原文  2020-12-29 12:49:52       python/ django/ azure/ shared-access-signatures

Question

Since Azures Shared Access Signatures (SAS) is an open standard I want to use it in my Django application which has no links to Azure whatsoever. I basically want to create a piece of code that creates read permission for the next 24 hours on a specific url I'm serving. So I've watched some video's on SAS and I installed the python library for it ( pip install azure-storage-blob ).

I read over the README here on github but as far as I can see it always requires an Azure account. Is it also possible to use SAS in my own (Python) application? I imagine it to create the hashes based on a pre-defined secret key for. If this is possible, does anybody have any example code on how to create the url and how to validate it? Preferably in Python, but example code in other languages would be welcome as well.

1 answers

solution1
 1  2020-12-29 16:42:51

While the original blob storage sas generation code exists here , I rather find the below simplified code more useful for your general purpose (inspired by this sample ). Adjust as per your need . Below is the client side sas generation logic (hmac sha256 digest) using a secret key. Use the similar logic at server side to re-generate signature extracting URL params (sr, sig, se) and compare the same (sig) with that passed from client side to match. Note the shared secret key both at client and server side is main driver here.

import time
import urllib
import hmac
import hashlib
import base64

def get_auth_token(url_base, resource, sas_name, sas_secret):
    """
    Returns an authorization token dictionary 
    for making calls to Event Hubs REST API.
    """
    uri = urllib.parse.quote_plus("https://{}.something.com/{}" \
                                  .format(url_base, resource))
    sas = sas_secret.encode('utf-8')
    expiry = str(int(time.time() + 10000))
    string_to_sign = (uri + '\n' + expiry).encode('utf-8')
    signed_hmac_sha256 = hmac.HMAC(sas, string_to_sign, hashlib.sha256)
    signature = urllib.parse.quote(base64.b64encode(signed_hmac_sha256.digest()))
    return  {"url_base": url_base,
             "resource": resource,
             "token":'SharedAccessSignature sr={}&sig={}&se={}&skn={}' \
                     .format(uri, signature, expiry, sas_name)
            }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to create a Shared Access Signature for a container with the Azure Python SDK Create Shared Access Signature in Python - Azure Api Rest Management Use SAS to access files in Azure Python: How to connect to Azure cloud storage using shared access key? Is it possible to use BlockBlobService in Azure Functions (python)? Use Azure AD access token to Authenticate to Azure DevOps with Flask Use MSAL to access ObjectID in azure python sdk? generate shared access signature through python Using python and Azure Topics, is it possible to use long polling Azure Blob Storage Python SDK MAC signature
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM