使用Blob Service Rest API进行附加块操作-403身份验证失败

Question

我正在调查一个错误，该错误仅在我的应用程序中通过Put Append操作发生，由于Rest API，该操作与Azure Blob Service通信。

该文件的创建已成功完成，但是由于它是一个附加blob，因此我不得不通过Append Block操作添加内容，而当我尝试这样做时，我得到了403 Forbidden WebException：

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:00dc0116-0001-00c2-066b-cbafe8000000
Time:2017-05-12T22:01:16.1689598Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'N7UVKFwftf2YnAFdnciRneu7LsAkWHKXUpwhFRxlQqI=' is not the same as any computed signature. Server used following string to sign: 'PUT


800








x-ms-date:Fri, 12 May 2017 22:01:15 GMT
x-ms-version:2016-05-31
/<myaccount>/write/FixedRecord10r.txt
comp:appendblock'.</AuthenticationErrorDetail></Error>

但是，在构造签名的方法中，我显示了stringToSign，它与使用的服务器完全相同！

PUT


800








x-ms-date:Fri, 12 May 2017 22:01:15 GMT
x-ms-version:2016-05-31
/<myaccount>/write/FixedRecord10r.txt
comp:appendblock

这是我参数化的标题：

public void AppendFile(MemoryStream stream)
{
 string dateFormatted = string.Format(CultureInfo.InvariantCulture, "{0:R}", DateTime.UtcNow);
 string signature = GetSignature("PUT", "xxxxxxx", afsAccount, dateFormatted, null, null, stream.Length, null);

 HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://" + afsAccount + ".blob.core.windows.net" + path + "?comp=appendblock");
 request.Headers.Add("x-ms-version", "2016-05-31");
 request.Headers.Add("x-ms-date", dateFormatted);
 request.Headers.Add(HttpRequestHeader.Authorization, "SharedKey " + afsAccount + ":" + signature);
 request.Method = "PUT";
 request.ContentLength = stream.Length;

 using (var requestStream = request.GetRequestStream())
 {
      stream.Position = 0;
      stream.CopyTo(requestStream);
 }

 try
 {
  using (HttpWebResponse response = (HttpWebResponse)request.GetResponse()){
...
}


    private String GetSignature(string verb, string azureAccessKey, string afsAccount, string date, string byteRange, string containerName, long contentLength, string blobType)
    {
        if(byteRange != null)
        {
            byteRange = "x-ms-range:" + byteRange + "\n";
        }

        string path = "/" + afsAccount + Dfs.Path;
        if (containerName != null)
        {
            path = "/" + afsAccount + "/" + containerName + "\nrestype:container";
        }else if (contentLength > 0)
        {
            path += " \ncomp:appendblock";
        }

        string length = "\n";
        if (contentLength != 0)
        {
            length = contentLength.ToString() + "\n";
        }

        if (blobType != null)
        {
            blobType = "x-ms-blob-type:" + blobType + "\n";
        }

        // construct input value
        string inputValue = verb + "\n" +
          "\n" + /*Content-Encoding*/
          "\n" + /*Content-Language*/
          length + /*Content-Length*/
          "\n" + /*Content-MD5*/
          "\n" + /*Content-Type*/
          "\n" + /*Date*/
          "\n" + /*If-Modified-Since*/
          "\n" + /*If-Match*/
          "\n" + /*If-None-Match*/
          "\n" + /*If-Unmodified-Since*/
          "\n" + /*Range*/ 
          blobType +
          "x-ms-date:" + date + "\n" +
          byteRange +
          "x-ms-version:2016-05-31\n" +
          path;

        Console.WriteLine(inputValue);

        // create base64 encoded signature
        var hmac = new HMACSHA256();
        hmac.Key = Convert.FromBase64String(azureAccessKey);
        byte[] sigbyte = hmac.ComputeHash(Encoding.UTF8.GetBytes(inputValue));
        var signature = Convert.ToBase64String(sigbyte);

        return signature;
    }

我现在想知道我是否错过了某些操作，或者该特定操作是否有问题，因为我从未遇到过其他操作的问题。

Answer 1

我注意到这里（ "和\\n "之间有一个额外的空间：

{
    path += " \ncomp:appendblock";
}

请删除此空间，然后重试您的请求。