[英]Azure Storage Rest-API via Powershell to list container content
我嘗試以“liveworkerstorage”為例列出我們存儲帳戶的內容。 我創建了一個 auth 標頭,可以在容器上創建一個文件,但是當我只想通過 Powershell 列出內容時,我收到一條錯誤消息,告訴我:
Invoke-RestMethod : AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:781ec136-101e-0012-0620-f6ebe4000000
Time:2020-03-09T14:40:50.3148026ZThe MAC signature found in the HTTP request '16lBcDgjTWNtqInwWSghnHT0ae7yc5OS/05B72fVS4E=' is not the same as any computed signature. Server used following string to sign: 'GET
x-ms-blob-type:BlockBlob
x-ms-date:Mon, 09 Mar 2020 15:40:52 GMT
x-ms-version:2014-02-14
/liveworkerstorage/curltestdonotdelete/
restype:container'.
In C:\temp\Powershell\StoragePing\StoragePimg3.ps1:40 Zeichen:1
+ Invoke-RestMethod -method $method -Uri $Url -Headers $headers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
這是我的代碼...您可以看到,在我制作 PUT 方法的地方有注釋掉的值,並且有效。
$method = "GET"
#$method = "PUT"
$headerDate = '2014-02-14'
$headers = @{"x-ms-version" = "$headerDate" }
$StorageAccountName = "xxXXxx"
$StorageContainerName = "xxXXxx"
$StorageAccountKey = "xxXXxxXX"
#$Url = "https://$StorageAccountName.blob.core.cloudapi.de/$StorageContainerName/Test.txt"
$Url = "https://$StorageAccountName.blob.core.cloudapi.de/$StorageContainerName/?restype=container"
#$body = "Hello world"
$xmsdate = (get-date -format r).ToString()
$headers.Add("x-ms-date", $xmsdate)
$bytes = ([System.Text.Encoding]::UTF8.GetBytes($body))
$contentLength = $bytes.length
$headers.Add("Content-Length", "$contentLength")
$headers.Add("x-ms-blob-type", "BlockBlob")
$signatureString = "$method$([char]10)$([char]10)$([char]10)$contentLength$([char]10)$([char]10)$([char]10)$([char]10)$([char]10)$([char]10)$([char]10)$([char]10)$([char]10)"
#Add CanonicalizedHeaders
$signatureString += "x-ms-blob-type:" + $headers["x-ms-blob-type"] + "$([char]10)"
$signatureString += "x-ms-date:" + $headers["x-ms-date"] + "$([char]10)"
$signatureString += "x-ms-version:" + $headers["x-ms-version"] + "$([char]10)"
#Add CanonicalizedResource
$uri = New-Object System.Uri -ArgumentList $url
$signatureString += "/" + $StorageAccountName + $uri.AbsolutePath
$dataToMac = [System.Text.Encoding]::UTF8.GetBytes($signatureString)
$accountKeyBytes = [System.Convert]::FromBase64String($StorageAccountKey)
$hmac = new-object System.Security.Cryptography.HMACSHA256((, $accountKeyBytes))
$signature = [System.Convert]::ToBase64String($hmac.ComputeHash($dataToMac))
$headers.Add("Authorization", "SharedKey " + $StorageAccountName + ":" + $signature);
write-host -fore green $signatureString
#Invoke-RestMethod -Uri $Url -Method $method -headers $headers -Body $body
Invoke-RestMethod -method $method -Uri $Url -Headers $headers
先感謝您
此致
我有一個更新。 到目前為止,感謝您的回答!! 它仍然不起作用......
我更改了獲取查詢的代碼。
但它告訴我容器不存在。 怎么可能只列出存儲的根部分?
我找到了這個
$root?restype=container
所以這是我的代碼和我在執行它時得到的錯誤消息......
#[CmdletBinding()]
#Param(
#[Parameter(Mandatory=$true,Position=1)] [string] $StorageAccountName,
#[Parameter(Mandatory=$True,Position=2)] [string] $FilesystemName,
#[Parameter(Mandatory=$True,Position=2)] [string] $AccessKey
#)
$StorageAccountName = "XXX"
#$StorageAccountName = "XXX"
#$FilesystemName = "XXX"
$FilesystemName = "XXX"
#$AccessKey = "XXX"
$AccessKey = "XXX"
$date = [System.DateTime]::UtcNow.ToString("R")
$n = "`n"
$method = "GET"
$stringToSign = "$method$n" #VERB
$stringToSign += "$n" # Content-Encoding + "\n" +
$stringToSign += "$n" # Content-Language + "\n" +
$stringToSign += "$n" # Content-Length + "\n" +
$stringToSign += "$n" # Content-MD5 + "\n" +
$stringToSign += "$n" # Content-Type + "\n" +
$stringToSign += "$n" # Date + "\n" +
$stringToSign += "$n" # If-Modified-Since + "\n" +
$stringToSign += "$n" # If-Match + "\n" +
$stringToSign += "$n" # If-None-Match + "\n" +
$stringToSign += "$n" # If-Unmodified-Since + "\n" +
$stringToSign += "$n" # Range + "\n" +
$stringToSign +=
<# SECTION: CanonicalizedHeaders + "\n" #>
"x-ms-date:$date" + $n +
"x-ms-version:2018-11-09" + $n #
<# SECTION: CanonicalizedHeaders + "\n" #>
$stringToSign +=
<# SECTION: CanonicalizedResource + "\n" #>
"/$StorageAccountName/$FilesystemName" + $n +
"recursive:true" + $n +
"resource:filesystem"#
<# SECTION: CanonicalizedResource + "\n" #>
$sharedKey = [System.Convert]::FromBase64String($AccessKey)
$hasher = New-Object System.Security.Cryptography.HMACSHA256
$hasher.Key = $sharedKey
$signedSignature = [System.Convert]::ToBase64String($hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($stringToSign)))
$authHeader = "SharedKey ${StorageAccountName}:$signedSignature"
$headers = @{"x-ms-date"=$date}
$headers.Add("x-ms-version","2018-11-09")
$headers.Add("Authorization",$authHeader)
$URI = "https://$StorageAccountName.blob.core.cloudapi.de/" + $FilesystemName + "?recursive=true&resource=filesystem"
$result = Invoke-RestMethod -method GET -Uri $URI -Headers $headers
錯誤信息:
Invoke-RestMethod : ContainerNotFoundThe specified container does not exist.
RequestId:c652069a-301e-0027-5ae1-f645b1000000
Time:2020-03-10T13:41:22.8270890Z
In C:\temp\Powershell\StoragePing\StoragePingfromweb.ps1:60 Zeichen:11
+ $result = Invoke-RestMethod -method GET -Uri $URI -Headers $headers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
到目前為止謝謝你!
如果您通過 Azure 生成 sas 令牌會更簡單,但這是我發現使用 sas 令牌時有效的方法...(無需發送標頭)
這是幫助我把它放在一起的參考: https : //blog.zuehlke.cloud/2019/10/access-azure-blob-storage-with-rest-and-sas/
# The sas token used below is the one generated by Azure in the Storage Account settings and censored
# and not one generated and signed using other methods (eg. the method you consistently see on help sites)
# To Note, in order to utilize the sas token with filters, you need to change the preceeding '?' with '&'
# Apologies for the variable names, I just yanked them from a larger test script
# The biggest difference when using a filter for these REST operations WITH A SAS KEY seems to be the need
# to define "&restype=container" whereas the same operation anonymously has no need for "&restype=container"
#
$sasTokenS1 = "?sv=<DATE>&ss=bfqt&srt=sco&sp=rwdlacupx&se=<DATEandTIME>&spr=https&sig=<Signature already in address format>" #included only for comparison
$sasTokenS1v2 = "&sv=<DATE>&ss=bfqt&srt=sco&sp=rwdlacupx&se=<DATEandTIME>&spr=https&sig=<Signature already in address format>"
$storageAccountS1 = "storageaccountname" #Standard StorageV2 (general purpose v2), paired with $sasTokenS1
$containerName2 = "containername"
$filter1 = "?comp=list" #the filter to list/read
$method1 = "GET" #the REST method, must be all CAPS
#
# With a sas token
$blobUri = "https://$storageAccountS1.blob.core.windows.net/$containerName2/$filter1&restype=container$sasTokenS1v2"
# Anonymous
$blobUri = "https://$storageAccountS1.blob.core.windows.net/$containerName2/$filter1"
#
#
Invoke-RestMethod -Method $method1 -Uri $blobUri
我在您的代碼中看到的一個問題是您錯誤地計算了canonicalizedResource字符串。 根據here的文檔,您需要here包含查詢字符串參數。
所以基本上這行代碼:
$signatureString += "/" + $StorageAccountName + $uri.AbsolutePath
應該:
$signatureString += "/" + $StorageAccountName + $uri.AbsolutePath + $([char]10) + "restype:container"
還有一些其他評論:
x-ms-blob-type標頭。GET操作,因此您確實不需要Content-Length標頭。
Rest API 用於獲取 AZURE 存儲中容器/目錄/中的文件列表
[英]Rest API to get the list of files inside the container/directory/ in AZURE storage
Powershell中的Outlook Rest-api返回宣誓請求(401)
[英]Outlook rest-api from powershell returning oath request (401)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.