2

我正在使用Azure.Storage.Blobs v12.1.0图书馆。我正在使用带有 Azure 服务主体凭据的用户委托生成 Blob 级 SAS 令牌,并尝试使用生成的 SAS 令牌上传 Blob。我完全按照Azure 中的这个代码示例来生成 SAS 令牌。

这是我用来创建 SAS 令牌的代码:

string blobEndpoint = string.Format("https://{0}.blob.core.windows.net", storageProviderSettings.AccountName);

        TokenCredential credential =
            new ClientSecretCredential(
                storageProviderSettings.TenantId,
                storageProviderSettings.ClientId,
                storageProviderSettings.ClientSecret,
                new TokenCredentialOptions());

        BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri(blobEndpoint),
                                                            credential);

        BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
        BlobClient blobClient = containerClient.GetBlobClient(blobName);

        var delegationKey = await blobServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7));
        BlobSasBuilder sasBuilder = new BlobSasBuilder()
        {
            BlobContainerName = containerName,
            BlobName = blobName,
            Resource = "b",
            StartsOn = DateTimeOffset.UtcNow,
            ExpiresOn = DateTimeOffset.UtcNow.AddSeconds(expirySeconds)
        };
        sasBuilder.SetPermissions(BlobSasPermissions.All);
        // if (withDownloadAccess) {
        //     sasBuilder.SetPermissions(BlobSasPermissions.Read);
        // }
        // if (withDeleteAccess) {
        //     sasBuilder.SetPermissions(BlobSasPermissions.Delete);
        // }
        Console.WriteLine(sasBuilder.Permissions);
        var sasQueryParams = sasBuilder.ToSasQueryParameters(delegationKey, storageProviderSettings.AccountName).ToString();
        UriBuilder sasUri = new UriBuilder()
        {
            Scheme = "https",
            Host = string.Format("{0}.blob.core.windows.net", storageProviderSettings.AccountName),
            Path = string.Format("{0}/{1}", containerName, blobName),
            Query = sasQueryParams
        };

        BlobServiceClient service = new BlobServiceClient(sasUri.Uri);

        await service.GetPropertiesAsync();

        Settings tmpUploadCredentials = CreateTemporaryAzureStorageProviderSettings(sasUri, storageProviderSettings);

        Console.WriteLine(tmpUploadCredentials.ConnectionString);
        return tmpUploadCredentials;

如果我将 SAS 令牌保存在浏览器中,但BlobServiceClient如果我尝试上传文件或执行它现在正在工作的任何操作,则创建 SAS 令牌并且 Get Blob 工作得非常好。要检查它是否经过身份验证,我写了这行await service.GetPropertiesAsync();抛出以下错误:

这是错误

任何帮助将不胜感激。

4

1 回答 1

4

根据我的测试,service.GetPropertiesAsync();是对帐户的操作。这意味着它将调用Get Blob Service Properties rest api来获取帐户的blob服务的属性。但是,当您创建时BlobServiceClient,您会提供 blob url。blob 不支持该操作。所以你会得到错误。它将想要获取 blob 的属性,请调用api。因此,请将您的代码更新为以下代码


 BlobClient blobClient = new BlobClient(sasUri, null);
blobClient.GetPropertiesAsync();

有关详细信息,请参阅https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-dotnet#get-the-user-delegation-key

于 2019-12-19T03:54:16.120 回答