使用最新的 azure 版本生成 SAS uri 時出錯

Question

this.container = new BlobContainerClient(new Uri(connectionString), new DefaultAzureCredential());
BlobServiceClient blobServiceClient =  this.container.GetParentBlobServiceClient();

Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey = blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

foreach (DataRow row in dt.Rows)
{                   
    string path = folderName + "/" + row.ItemArray[7] + "/" + row.ItemArray[0] + ".png";
    BlobClient blobClient = this.container.GetBlobClient(path);
    bool isexists = blobClient.Exists();

    if(isexists)
    {
        BlobSasBuilder sasBuilder = new BlobSasBuilder()
        {
            BlobContainerName = blobClient.BlobContainerName,
            BlobName = blobClient.Name,
            Resource = "b",
            StartsOn = DateTimeOffset.UtcNow,
            ExpiresOn = DateTimeOffset.UtcNow.AddDays(1)
        };
        
        // Specify read and write permissions for the SAS.
        sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write);
        
        // Add the SAS token to the blob URI.
        BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
        {
            // Specify the user delegation key.
            Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
        };
    }
}

我需要為每個 blob 生成 SAS uri，但在 GetUserDelegationKey 上出現授權不匹配錯誤是否有任何丟失的訪問權限或我需要做的任何其他事情。

Answer 1

我嘗試在我的環境中重現並得到以下結果：

Authorisation mismatch error:

檢查您的SAS權限是否嘗試使用僅允許讀取的 SAS 執行寫入操作。
檢查您的RBAC權限是否在用戶對 object 沒有必要的 RBAC 權限時嘗試執行寫操作。

還要檢查storage blob contributor role中的訪問控制 (IAM)

在此處輸入圖像描述

代碼：

using Azure.Identity;
using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Blobs.Specialized;
using Azure.Storage.Sas;
namespace SAStoken
{
    class Program
    {
        private static void Main()
        {
            var storageAccountUriString = $"https://storage1326.blob.core.windows.net";
            var credential = new DefaultAzureCredential();

            var blobServiceClient = new BlobServiceClient(new Uri(storageAccountUriString), credential);

            var userDelegationKey = blobServiceClient.GetUserDelegationKey(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));


            var blobContainerClient = blobServiceClient.GetBlobContainerClient("container1");  //container name
            var blobClient = blobContainerClient.GetBlobClient("folder1"); // my image blob name

            var sasBuilder = new BlobSasBuilder()
            {
                BlobContainerName = blobClient.BlobContainerName,
                BlobName = blobClient.Name,
                Resource = "b", // b for blob, c for container
                StartsOn = DateTimeOffset.UtcNow,
                ExpiresOn = DateTimeOffset.UtcNow.AddHours(4),
            };


            sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write); // read  write permissions

            BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
            {
                // Specify the user delegation key.
                Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, blobServiceClient.AccountName)
            };

            Console.WriteLine("Blob user delegation SAS URI: {0}", blobUriBuilder);
        }
         
    }
}

安慰： 在此處輸入圖像描述

Output： 在此處輸入圖像描述

參考： 創建用戶委托 SAS - Azure 存儲 | 微軟學習

使用最新的 azure 版本生成 SAS uri 時出錯

問題描述

1 個解決方案

解決方案1
0 2022-10-03 11:53:00

使用最新的 azure 版本生成 SAS uri 時出錯

問題描述

1 個解決方案

解決方案1 0 2022-10-03 11:53:00

解決方案1
0 2022-10-03 11:53:00