![](/img/trans.png)
[英]Enumerating large Azure BLOB containers using Azure.Storage.Blobs
[英]Using Azure.Storage.Blobs to generate SAS expiring tokens with .NET Core 3.1
这个有点麻烦。 在遵循 Microsoft 文档中的示例后,我得到了一个 SAS 令牌,但我遇到了 SAS 令牌未经过身份验证的问题。
string sastoken = "";
BlobServiceClient blobServiceClient = new BlobServiceClient("DefaultEndpointsProtocol=https;AccountName=accountname;AccountKey=accountkey;EndpointSuffix=core.windows.net");
string containerName = containername;
BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
ExpiresOn = DateTime.UtcNow + (new TimeSpan(24, 0, 0)),
BlobContainerName = containerName,
BlobName = imageData.filename,
Resource = "b"
};
sasBuilder.SetPermissions(BlobSasPermissions.Read);
sastoken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(containername, credentialkey)).ToString();
UriBuilder fulluri = new UriBuilder()
{
Scheme = "https",
Host = string.Format("{0}.blob.core.windows.net", containername),
Path = string.Format("{0}/{1}", "blobtest", "file.bmp"),
Query = sastoken
};
imageData.url = fulluri.Uri.ToString();
imageData.url returns as: https://accountname.blob.core.windows.net/containername/file.bmp?sv=2019-07-07&se=2020-07-10T14%3A54%3A43Z&sr=b&sp=r&sig=UXvC7SAXqQtsVgfXj6L% 2BOIinTMhQj%2F3NH95v%2FLRvM8g%3D
我收到一个身份验证错误,但 SAS 令牌的全部意义在于提供该身份验证。 我确定我在这里遗漏了一些东西,但没有发现我犯了错误的任何地方。 我发现的大部分信息都与 Microsoft.Azure.Storage package 而不是 Azure.Storage.Blob 命名空间有关。 欢迎任何帮助或建议。 谢谢!
我使用这样的东西,使用Microsoft.WindowsAzure.Storage
nuget package:
private Uri GetSasForBlob(CloudBlob blob, DateTime expiry, SharedAccessBlobPermissions permissions = SharedAccessBlobPermissions.None)
{
var offset = TimeSpan.FromMinutes(10);
var policy = new SharedAccessBlobPolicy
{
SharedAccessStartTime = DateTime.UtcNow.Subtract(offset),
SharedAccessExpiryTime = expiry.Add(offset),
Permissions = permissions
};
#pragma warning disable CA5377 // Use Container Level Access Policy
var sas = blob.GetSharedAccessSignature(policy);
#pragma warning restore CA5377 // Use Container Level Access Policy
return new Uri($"{blob.Uri}{sas}");
}
使用Azure.Storage.Blobs
更新:
// Read these from config:
// var accountName = "accountname";
// var accountKey = "xxxxxxx";
// var blobServiceEndpoint = $"https://{accountName}.blob.core.windows.net";
private Uri GetSasForBlob(string blobname, string containerName, DateTime expiry, BlobAccountSasPermissions permissions = BlobAccountSasPermissions.Read)
{
var offset = TimeSpan.FromMinutes(10);
var credential = new StorageSharedKeyCredential(accountName, accountKey);
var sas = new BlobSasBuilder
{
BlobName = blobname,
BlobContainerName = containerName,
StartsOn = DateTime.UtcNow.Subtract(offset),
ExpiresOn = expiry.Add(offset)
};
sas.SetPermissions(permissions);
UriBuilder sasUri = new UriBuilder($"{blobServiceEndpoint}/{containerName}/{blobname}");
sasUri.Query = sas.ToSasQueryParameters(credential).ToString();
return sasUri.Uri;
}
看起来您生成的 SAS 令牌和 URL 对帐户名称、容器名称和 blob 名称使用了不同的值。 考虑更新 URL 生成代码以使用相同的值。
UriBuilder fulluri = new UriBuilder()
{
Scheme = "https",
Host = string.Format("{0}.blob.core.windows.net", accountname),
Path = string.Format("{0}/{1}", containerName, imageData.fileName),
Query = sastoken
};
希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.