问题
I'm trying to get some code working to fetch a file from S3 using the REST API via C#. I've seen other people doing similar things but for some reason I keep getting a 403 error. I've tried to do the same thing with the AWS SDK for .Net and it works so I assume it's the way I'm creating the authorization header.
Is anyone able to shed any light on this please?
string awsAccessId = "***";
string awsSecretKey = "***";
string bucketName = "thebucket";
string httpDate = DateTime.Now.ToString("ddd, dd MMM yyyy HH:mm:ss +0000\n");
string canonicalString = "GET\n"
+ "\n"
+ "\n"
+ "x-amz-date:" + httpDate + "\n"
+ "/" + bucketName + "/readme.txt";
// now encode the canonical string
Encoding ae = new UTF8Encoding();
// create a hashing object
HMACSHA1 signature = new HMACSHA1();
// secretId is the hash key
signature.Key = ae.GetBytes(awsSecretKey);
byte[] bytes = ae.GetBytes(canonicalString);
byte[] moreBytes = signature.ComputeHash(bytes);
// convert the hash byte array into a base64 encoding
string encodedCanonical = Convert.ToBase64String(moreBytes);
// Send the request
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("http://" + bucketName +".s3.amazonaws.com/readme.txt");
request.Headers.Add("x-amz-date", httpDate);
request.Headers.Add("Authorization", "AWS " + awsAccessId + ":" + encodedCanonical);
request.Method = "GET";
// Get the response
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Console.WriteLine(response.StatusCode);
Console.Read();
回答1:
I tested your code, it works! you just need an extra \n plus change http to https and you're done.
string stringToConvert = "GET\n"
+ "\n"
+ "\n"
+ "\n"
+ "x-amz-date:" + timeStamp + "\n"
+ "/" + bucketName + "/" + FileName;
Amazon Rest API don't have a good documentation, the lack of examples makes everyone go to the SDK instead.
回答2:
I don't know if this is the only problem, but it looks like a definite problem:
+ "x-amz-date:" + httpDate + "\n"
x-amz-date is the header that supercedes the Date: header in the HTTP request itself, but in the string to sign, you just put the date, without "x-amz-date:" or anything in front of it, according to the examples:
GET\n
\n
\n
Tue, 27 Mar 2007 19:36:42 +0000\n
/johnsmith/photos/puppy.jpg
http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationRequestCanonicalization
There is only one correct signature that can be generated for a request. S3 is going to generate that signature, and compare it to the one you sent, so there's not a single byte of room for error in the string-to-sign.
来源:https://stackoverflow.com/questions/19689484/amazon-s3-rest-api-403-error-c-sharp