3

我想做的是连接到 Azure Storage Rest API List Blob。参考:http: //msdn.microsoft.com/en-us/library/windowsazure/dd135734.aspx

我试图按照http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx来指定授权标头,但是我收到 403 错误 - 禁止。

代码:

Uri address = new Uri("https://account.blob.core.windows.net/$logs?restype=container&comp=list");
HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(address);
req.Headers["x-ms-date"] = "2013-09-04";
req.Headers["x-ms-version"] = "2012-02-12";
req.Method = "GET";

string StringToSign =  "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: 2013-09-04\nx-ms-version:2012-02-12\n" // headers
    + "/account/blob\ncomp:list\nrestype:container"; // resources

string accountName = "account";
string key = Convert.ToBase64String(Encoding.Default.GetBytes(StringToSign));
req.Headers["Authorization"] = string.Format("SharedKey {0}:{1}", accountName, key);

HttpWebResponse resp = req.GetResponse() as HttpWebResponse;

任何人都可以看到任何错误吗?有没有可以生成密钥的工具?我不确定的一件事是我正在正确编码/散列字符串。

谢谢,安德鲁

使用最新代码更新。这段代码给了我一个禁止错误。

DateTime dt = DateTime.UtcNow;
string StringToSign = "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: " + dt.ToString("R") + "\nx-ms-version:2012-02-12\n" // headers
    + "/account/$logs\ncomp:list\nrestype:container";

string auth = SignThis(StringToSign, "accountkey", "account");
string method = "GET";
string urlPath = "https://account.blob.core.windows.net/$logs?restype=container&comp=list";
Uri uri = new Uri(urlPath);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
request.Method = method;
request.Headers.Add("x-ms-date", dt.ToString("R"));
request.Headers.Add("x-ms-version", "2012-02-12");
request.Headers.Add("Authorization", auth);

using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
}
4

1 回答 1

4

上面的代码有一些问题。但在此之前,您首先需要的是存储帐户的密钥。您可以从 Windows Azure 门户获取它。单击门户中的存储帐户名称,然后单击“管理访问密钥”,如下面的屏幕截图所示:

在此处输入图像描述

现在解决问题:

您创建授权标头的方式不正确。要创建授权标头,您需要帐户名、帐户密钥和StringToSign上面的代码。试试这个代码:

private static String SignThis(String StringToSign, string Key, string Account)
        {
            String signature = string.Empty;
            byte[] unicodeKey = Convert.FromBase64String(Key);
            using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(canonicalizedString);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
            }

            String authorizationHeader = String.Format(
                  CultureInfo.InvariantCulture,
                  "{0} {1}:{2}",
                  "SharedKey",
                  Account,
                  signature);

            return authorizationHeader;
        }

上面的函数将提供您需要作为授权传递的授权标头。

我注意到的第二件事是,在代码中StringToSign,您没有传递容器名称。所以你StringToSign应该是:

string StringToSign =  "GET\n"
    + "\n" // content encoding
    + "\n" // content language
    + "\n" // content length
    + "\n" // content md5
    + "\n" // content type
    + "\n" // date
    + "\n" // if modified since
    + "\n" // if match
    + "\n" // if none match
    + "\n" // if unmodified since
    + "\n" // range
    + "x-ms-date: 2013-09-04\nx-ms-version:2012-02-12\n" // headers
    + "/account/$logs\ncomp:list\nrestype:container"; // resources 

您提到您对 Windows Azure 很陌生。如果我可以建议的话 - 许多人之前也已经完成了 REST API 的实现。请看看他们做了什么,而不是再次尝试做同样的事情。您可能会发现这些链接很有用:

http://convective.wordpress.com/2010/08/18/examples-of-the-windows-azure-storage-services-rest-api/

http://azurestoragesamples.codeplex.com/ - 查看此项目中的 REST API 实现。

更新

这是工作代码(只需更改帐户名称、密钥和容器名称)

static void ListContainers()
{
    string Account = "account";
    string Key = "key";
    string Container = "$logs";
    DateTime dt = DateTime.UtcNow;
    string StringToSign = String.Format("GET\n"
        + "\n" // content encoding
        + "\n" // content language
        + "\n" // content length
        + "\n" // content md5
        + "\n" // content type
        + "\n" // date
        + "\n" // if modified since
        + "\n" // if match
        + "\n" // if none match
        + "\n" // if unmodified since
        + "\n" // range
        + "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:2012-02-12\n" // headers
        + "/{0}/{1}\ncomp:list\nrestype:container", Account, Container);

    string auth = SignThis(StringToSign, Key, Account);
    string method = "GET";
    string urlPath = string.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list", Account, Container);
    Uri uri = new Uri(urlPath);
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    request.Method = method;
    request.Headers.Add("x-ms-date", dt.ToString("R"));
    request.Headers.Add("x-ms-version", "2012-02-12");
    request.Headers.Add("Authorization", auth);

    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    {
    }
}

希望这可以帮助。

于 2013-09-04T10:45:42.997 回答