问题
I have an Azure Blob container which contains a few blobs. The container was created (successfully) with the code:
if (container.CreateIfNotExists())
{
var permissions = container.GetPermissions();
permissions.PublicAccess = BlobContainerPublicAccessType.Off;
container.SetPermissions(permissions);
}
You'll see the permissions are set to private (i.e., PublicAccess is Off).
In a later portion of my code, I would like to open the permissions using SAS, with an expiration of 1 hour. To attempt this, I am using the code:
if (container.Exists())
{
//Set the expiry time and permissions for the container.
//In this case no start time is specified, so the shared access signature becomes valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List;
//Generate the shared access signature on the container, setting the constraints directly on the signature.
string sasContainerToken = container.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
return container.Uri + sasContainerToken;
}
However, no matter how I shape it, when I navigate my browser to the returned url (i.e., container.Uri + sasContainerToken), I get an authentication error:
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:d7f89ef3-919b-4b86-9b4f-4a95273c20ff Time:2014-06-26T15:33:11.2754096Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rl 2014-06-26T16:32:02Z /mycontainer/$root 2014-02-14
</AuthenticationErrorDetail>
</Error>
Can anyone give me any pointers as to why I am seeing this authentication error?
My final url looks like it is in the correct format?:
https://myservice.blob.core.windows.net/mycontainer?sv=2014-02-14&sr=c&sig=0MSvKIRJnxWr2G%2Bh0mj%2BslbNtZM3VnjSF8KPhBKCPs8%3D&se=2014-06-26T16%3A32%3A02Z&sp=rl
I'm at a loss so any pointers would be greatly appreciated.
回答1:
I also faced the exact same error :). You can't do container related operations (with the exception of listing blobs) using Shared Access Signature. You would need to use account key for performing operations on a container. From this page: http://msdn.microsoft.com/en-us/library/azure/jj721951.aspx
Supported operations using shared access signatures include:
Reading and writing page or block blob content, block lists, properties, and metadata
Deleting, leasing, and creating a snapshot of a blob
Listing the blobs within a container
UPDATE
For listing blobs, just add &comp=list&restype=container to your URL and that should do the trick. So your URL should be:
https://myservice.blob.core.windows.net/mycontainer?sv=2014-02-14&sr=c&sig=0MSvKIRJnxWr2G%2Bh0mj%2BslbNtZM3VnjSF8KPhBKCPs8%3D&se=2014-06-26T16%3A32%3A02Z&sp=rl&comp=list&restype=container
来源:https://stackoverflow.com/questions/24434864/azure-blob-storage-changing-permissions-of-a-container-and-accessing-with-sas