blob 和 sas
Blob是什么?
请看上篇文章简单总结下关于blob的图片上传 在使用Blob图片上传的时候碰到许多问题,比如如何使用用户名密码下载文件啊什么的 今天就记录一下我碰到的最大的问题
如何匿名去访问你上传的Blob文件
共享访问签名:了解 SAS 模型 这篇文章值得一看,多数官方的文档在有时候还是很有用的。尝试了半天,只发现一个方法可以用,使用blobName来生成SAS,再通过SAS生成的Uri+SASToken来访问blob文件。
1 private static string GetBlobSasUri(CloudBlobContainer container, string blobName, string policyName = null) 2 { 3 string sasBlobToken; 4 5 CloudBlockBlob blob = container.GetBlockBlobReference(blobName); 6 7 if (policyName == null) 8 { 9 SharedAccessBlobPolicy adHocSAS = new SharedAccessBlobPolicy() 10 { 11 SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(1), 12 Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create 13 }; 14 15 sasBlobToken = blob.GetSharedAccessSignature(adHocSAS); 16 17 Console.WriteLine("SAS for blob (ad hoc): {0}", sasBlobToken); 18 Console.WriteLine(); 19 } 20 else 21 { 22 sasBlobToken = blob.GetSharedAccessSignature(null, policyName); 23 24 Console.WriteLine("SAS for blob (stored access policy): {0}", sasBlobToken); 25 Console.WriteLine(); 26 } 27 28 return blob.Uri + sasBlobToken; 29 }
其实官方文档写的很详细了,不过有个参数我不是很懂,policyName ,文档里也没有过多的介绍,不过从代码来看,应该是已知URI,生成token后拼接吧。嗯。。。有空测试一下就知道了。。
官方还有一个比较吸引我的方法
1 private static string GetContainerSasUri(CloudBlobContainer container, string storedPolicyName = null) 2 { 3 string sasContainerToken; 4 5 if (storedPolicyName == null) 6 { 7 SharedAccessBlobPolicy adHocPolicy = new SharedAccessBlobPolicy() 8 { 9 SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), 10 Permissions = SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.List 11 }; 12 13 sasContainerToken = container.GetSharedAccessSignature(adHocPolicy, null); 14 15 Console.WriteLine("SAS for blob container (ad hoc): {0}", sasContainerToken); 16 Console.WriteLine(); 17 } 18 else 19 { 20 sasContainerToken = container.GetSharedAccessSignature(null, storedPolicyName); 21 22 Console.WriteLine("SAS for blob container (stored access policy): {0}", sasContainerToken); 23 Console.WriteLine(); 24 } 25 26 return container.Uri + sasContainerToken; 27 }
可以直接定位到容器,在容器上直接创建SAS来访问,然而我试了不同的参数,返回了各种各样的错误信息,比如。。
1 <Error> 2 <Code>AuthenticationFailed</Code> 3 <Message> 4 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:2ce78f2c-0001-0023-1773-00b9e0000000 Time:2017-07-19T09:45:48.3088986Z 5 </Message> 6 <AuthenticationErrorDetail> 7 Signature did not match. String to sign used was wl 2017-07-20T09:45:12Z /blob/hollywoodsharestorage/$root 2016-05-31 8 </AuthenticationErrorDetail> 9 </Error>
1 <Error> 2 <Code>AuthenticationFailed</Code> 3 <Message> 4 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:4e04d8fe-0001-0020-6471-00bae7000000 Time:2017-07-19T09:29:23.1074413Z 5 </Message> 6 <AuthenticationErrorDetail> 7 Access without signed identifier cannot have time window more than 1 hour: Start [Wed, 19 Jul 2017 09:29:23 GMT] - Expiry [Wed, 19 Jul 2017 18:24:53 GMT] 8 </AuthenticationErrorDetail> 9 </Error>
差不多都是在告诉我,生成的签名不对。。。
是我打开的方式不对,还是有别的使用的方法,这个还需要更深一步研究,希望看到的各位大神,有知晓的,分享一下,感激不尽~