使用 php 的 Azure 共享访问签名错误
Azure Shared Access Signature error using php
我正在使用 SAS 尝试从私有 Azure 存储容器下载 blob,使用 php。但它总是让我犯同样的错误。
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. ...
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used ... /blob/name/container/archive.jpg
</AuthenticationErrorDetail>
</Error>
这是我的代码:
static private function getSASForBlob($accountName,$containerName, $fileName, $resourceType, $permissions, $expiry) {
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName;
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true)
);
}
static public function getBlobDownloadUrl($container,$blob,$accountName,$key){
/* Create the signed query part */
$resourceType='b';
$permissions='r';
/*$expTime_utc = new DateTime(null, new DateTimeZone("UTC"));
$expTime_utc->add(new DateInterval('PT1H'));
$expiry=$expTime_utc->format('Y-m-d\TH:i:s\Z');*/
$expiry = date('Y-m-d\TH:i:s\Z', strtotime('+1 day'));
$_signature=AzureServices::getSASForBlob($accountName,$key,$container, $blob, $resourceType, $permissions, $expiry);
$_parts = array();
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = "sv=2015-04-05";
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
我尝试按照相同的结构将日期更改为 DateTime,在“$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName 行中添加和删除“/” “ ... 但什么也没发生,显示相同的错误消息 ...
请帮我。
谢谢
请在这行代码中添加/blob/:
$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName;
所以,应该是:
$_arraysign[] = '/blob/' 。 $账户名。 '/' 。 $容器名称。 '/' 。 $文件名;
从这个页面:https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
The canonicalizedresouce portion of the string is a canonical path to
the signed resource. It must include the service name (blob, table,
queue or file) for version 2015-02-21 or later, the storage account
name, and the resource name, and must be URL-decoded. Names of blobs
must include the blob’s container. Table names must be lower-case. The
following examples show how to construct the canonicalizedresource
portion of the string, depending on the type of resource.
因为你在2015-04-05中使用了signedversion,所以除了@Gaurav Mantri的回答之外,还有一点你需要注意,根据[=]部分的描述=24=]构造签名字符串 in https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx:
Version 2015-04-05 adds support for the signed IP and signed protocol fields. These must be included in the string-to-sign. To construct the string-to-sign for Blob or File service resources, use the following format:
StringToSign = signedpermissions + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
canonicalizedresource + "\n" +
signedidentifier + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n" +
rscc + "\n" +
rscd + "\n" +
rsce + "\n" +
rscl + "\n" +
rsct
所以我们需要将函数getSASForBlob中的$_arraysign修改为:
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/blob/' . $accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
如有任何疑问,请随时告诉我。
我正在使用 SAS 尝试从私有 Azure 存储容器下载 blob,使用 php。但它总是让我犯同样的错误。
<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. ...
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used ... /blob/name/container/archive.jpg
</AuthenticationErrorDetail>
</Error>
这是我的代码:
static private function getSASForBlob($accountName,$containerName, $fileName, $resourceType, $permissions, $expiry) {
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName;
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true)
);
}
static public function getBlobDownloadUrl($container,$blob,$accountName,$key){
/* Create the signed query part */
$resourceType='b';
$permissions='r';
/*$expTime_utc = new DateTime(null, new DateTimeZone("UTC"));
$expTime_utc->add(new DateInterval('PT1H'));
$expiry=$expTime_utc->format('Y-m-d\TH:i:s\Z');*/
$expiry = date('Y-m-d\TH:i:s\Z', strtotime('+1 day'));
$_signature=AzureServices::getSASForBlob($accountName,$key,$container, $blob, $resourceType, $permissions, $expiry);
$_parts = array();
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = "sv=2015-04-05";
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
我尝试按照相同的结构将日期更改为 DateTime,在“$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName 行中添加和删除“/” “ ... 但什么也没发生,显示相同的错误消息 ... 请帮我。 谢谢
请在这行代码中添加/blob/:
$_arraysign[] = $accountName . '/' . $containerName . '/' . $fileName;
所以,应该是:
$_arraysign[] = '/blob/' 。 $账户名。 '/' 。 $容器名称。 '/' 。 $文件名;
从这个页面:https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
The canonicalizedresouce portion of the string is a canonical path to the signed resource. It must include the service name (blob, table, queue or file) for version 2015-02-21 or later, the storage account name, and the resource name, and must be URL-decoded. Names of blobs must include the blob’s container. Table names must be lower-case. The following examples show how to construct the canonicalizedresource portion of the string, depending on the type of resource.
因为你在2015-04-05中使用了signedversion,所以除了@Gaurav Mantri的回答之外,还有一点你需要注意,根据[=]部分的描述=24=]构造签名字符串 in https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx:
Version 2015-04-05 adds support for the signed IP and signed protocol fields. These must be included in the string-to-sign. To construct the string-to-sign for Blob or File service resources, use the following format:
StringToSign = signedpermissions + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
canonicalizedresource + "\n" +
signedidentifier + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n" +
rscc + "\n" +
rscd + "\n" +
rsce + "\n" +
rscl + "\n" +
rsct
所以我们需要将函数getSASForBlob中的$_arraysign修改为:
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/blob/' . $accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = "2015-04-05"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
如有任何疑问,请随时告诉我。