堆棧內存溢出
  簡體   English   中英

授權 Header 到 Azure 表失敗,出現 403“授權 header 格式錯誤”

[英]Authorization Header to Azure Tables fails with 403 “Authoization header malformed”

 原文  2020-04-27 15:09:45       azure/ delphi/ azure-table-storage

問題描述

我拼湊了代碼以授權 Microsoft Azure 進行存儲帳戶表操作。

function TAzureStorageAPI.GetAuthHeader(RequestMethod,Ressource,Time:UTF8String): String;

Var
  KeyBytes:TBytes;
  DataBytes:TBytes;
  TimeString,
  StringtoSign:UTF8String;

begin
  StringtoSign:=Uppercase(RequestMethod)+LF+                                  //RequestMethod
                ''+LF+                                                        //contentMD5
                'application/json; charset=ISO-8859-1'+LF+                                //contentType
                TimeString+LF+                                                //requestDate
                Ressource;                                                    //Ressource
  keyBytes:=TNetEncoding.Base64.DecodeStringToBytes(FAccessKey);
  dataBytes:=TEncoding.UTF8.GetBytes(StringToSign);
  result:= (TNetEncoding.Base64.EncodeBytesToString(THashSHA2.GetHMACAsBytes(dataBytes, keyBytes)));
end;

function TAzureStorageAPI.Insert(PartitionKey,RowKey:String; Data:tlkJSONObject):tlkJSONObject;

Var
  PostHeaders:TStringlist;
  Time:TDateTime;
  TimeString:String;

begin
  Socket.Request.Accept:='application/json;odata=minimalmetadata';
  PostHeaders:=TStringlist.Create;
  PostHeaders.Add('x-ms-version:2019-07-07');
  Time:=TTimeZone.Local.ToUniversalTime(Now);
  TimeString:=FormatDateTime('ddd, dd mmm yyyy hh:nn:ss',Time)+' UTC';
  PostHeaders.Add('Date:'+TimeString);
  PostHeaders.Add('MaxDataServiceVersion:3.0;NetFx');
  PostHeaders.Add('DataServiceVersion:3.0;NetFx');
  PostHeaders.Add('Authorization:SharedKey '+FStorageAccount+':'+GetAuthHeader('post','/'+FStorageAccount+'/'+FTable,TimeString));
  Host:=FStorageAccount+'.table.core.windows.net';
  Data.Add('PartitionKey',PartitionKey);
  Data.add('RowKey',RowKey);
  result:=WebPostData('/'+FTable,PostHeaders,Data)as tlkJSONObject;
  PostHeaders.Free;
end;
  • StorageAccount 是我從 SharedKey-Options 獲得的名稱
  • 表是表服務中資源的名稱
  • AccessKey 是 SharedKey-Options 中的 Key1

StringToSign 是

'POST'#$A#$A'application/json; charset=ISO-8859-1'#$A'Mo, 27 Apr 2020 18:02:33 UTC'#$A'/smartflatlog/Log'

我沒有對資源使用任何訪問策略。

在修復了標頭傳遞中的錯誤后,我在線路上看到以下傳輸:

Ges 27.04.2020 20:02:48: POST /Log HTTP/1.1<EOL>Content-Type: application/json; charset=ISO-8859-1<EOL>Content-Length: 104<EOL>x-ms-version: 2019-07-07<EOL>Date: Mo, 27 Apr 2020 18:02:33 UTC<EOL>MaxDataServiceVersion: 3.0;NetFx<EOL>DataServiceVersion: 3.0;NetFx<EOL>Authorization: SharedKey smartflatlog:KVtJ*********************************A5zOME=<EOL>Host: smartflatlog.table.core.windows.net<EOL>Accept: application/json;odata=minimalmetadata<EOL>User-Agent: Demo<EOL><EOL>
Ges 27.04.2020 20:02:48: {"Level":"Debug","LogText":"something to note","Application":"Demo","PartitionKey":"Demo","RowKey":"13"}
Erh 27.04.2020 20:02:48: HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.<EOL>Content-Length: 299<EOL>Content-Type: application/json<EOL>Server: Microsoft-HTTPAPI/2.0<EOL>x-ms-request-id: 86f7fd8d-2002-0021-63be-1c5d47000000<EOL>x-ms-error-code: AuthenticationFailed<EOL>Date: Mon, 27 Apr 2020 18:02:49 GMT<EOL><EOL>{"odata.error":{"code":"AuthenticationFailed","message":{"lang":"en-US","value":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:86f7fd8d-2002-0021-63be-1c5d47000000\nTime:2020-04-27T18:02:49.6860540Z"}}}

1 個解決方案

解決方案1
 0  2020-04-28 02:03:40

如果你想插入一個帶有 Sharekey auth 的實體, stringtosign應該是這樣的

StringToSign = VERB + "\n" +
               Content-MD5 + "\n" +
               Content-Type + "\n" +  
               Date + "\n" +  
               CanonicalizedResource;

例如

 RequestMethod:= 'GET';

  dateInRfc1123Format:= TTimeZone.Local.ToUniversalTime(Now);
  TheDate:= formatdatetime('ddd, dd mmm yyyy hh:nn:ss "GMT"',dateInRfc1123Format);
  contentType:='application/json;odata=nometadata'
canonicalizedResource:= "/yourAccount/yourTable"
 stringToSign:= format('%s\n'+ // request method

                        '\n' + // content md5
                        '%s\n' + // content type
                        '%s\n' + // date
                        '%s', // canonicalized ResourceL,
                        [RequestMethod,
                        contentType,
                        TheDate,
                        canonicalizedResource]);

更多詳細信息,請參閱文檔文檔

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 到Azure表的POST請求中的授權標頭 由於授權標頭,Azure Blob 存儲 403 身份驗證失敗 Azure Blob授權標頭 Azure Redis緩存授權標頭 Azure Blob:403(服務器無法對請求進行身份驗證。確保正確形成授權標頭的值,包括簽名。) Azure Web作業-授權基本標頭 如何在Azure Blob存儲中添加授權標頭? 使用 python 創建 Azure 存儲授權標頭 Azure Devops Rest API 授權 Z099FB995346F31C7549F6E40DB0F3EZ 不工作 Azure通知中心-401 MissingToken:找不到授權標頭
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM