1. 技术文章
  2. Why isn't my Azure SAS Token Signature matching?

Why isn't my Azure SAS Token Signature matching?

徘徊边缘 提交于 2019-12-12 04:13:47

问题


This is the error returned when I try to access a blob in storage:

Code: AuthenticationFailed Message: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. AuthenticationErrorDetail: Signature did not match. String to sign used was xxstorageaccount rwdlac b sco 2017-08-17T21:29:24Z 2017-08-17T21:34:24Z https 2017-04-17

Here's my code:

$storageAccount = config('azure.storage.account');

$start = new \DateTime();     
$end = (new \DateTime())->modify('+5 minutes');
$start = $start->format('Y-m-d\TH:i:s\Z');
$end = $end->format('Y-m-d\TH:i:s\Z');

$toSign = $storageAccount . "\n";
$toSign .= "rwdlac" . "\n";
$toSign .= "b" . "\n";
$toSign .= "sco" . "\n";
$toSign .= $start . "\n";
$toSign .= $end . "\n"; 
$toSign .= "\n";
$toSign .= "https" . "\n";
$toSign .= "2017-04-17" . "\n";

$signature = rawurlencode(base64_encode(hash_hmac('sha256', $toSign, $sasKeyValue, TRUE))); 
$token = "?sv=2017-04-17&ss=b&srt=sco&sp=rwdlac&se=" . $end . "&st=" . $start . "&spr=https&sig=" . $signature;

return $uri . $token;

回答1:


You could do 2 things to avoid this error.

  1. Convert start and end time to GMT time via setTimezone() function or consider using the gmdate function instead.

  2. Decode base64 account key through base64_decode() function.

Please change your code like the following:

$storageAccount = config('azure.storage.account');

$start = (new \DateTime())->setTimezone(new DateTimeZone('GMT'));     
$end = (new \DateTime())->setTimezone(new DateTimeZone('GMT'))->modify('+5 minutes');
$start = $start->format('Y-m-d\TH:i:s\Z');
$end = $end->format('Y-m-d\TH:i:s\Z');

$toSign = $storageAccount . "\n";
$toSign .= "rwdlac" . "\n";
$toSign .= "b" . "\n";
$toSign .= "sco" . "\n";
$toSign .= $start . "\n";
$toSign .= $end . "\n"; 
$toSign .= "\n";
$toSign .= "https" . "\n";
$toSign .= "2017-04-17" . "\n";

$signature = rawurlencode(base64_encode(hash_hmac('sha256', $toSign, base64_decode($sasKeyValue), TRUE))); 
$token = "?sv=2017-04-17&ss=b&srt=sco&sp=rwdlac&se=" . $end . "&st=" . $start . "&spr=https&sig=" . $signature;

return $uri . $token;


来源:https://stackoverflow.com/questions/45745287/why-isnt-my-azure-sas-token-signature-matching

标签
php
azure
token
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!