获取临时id和key的方法,从sdk中得到tempId,在前端调用putObject,返回403。
前端代码: string region = _cfg.TencentSettings.COSSettings.DefaultRegion; // bucket 所在区域
string allowPrefix = _cfg.TencentSettings.COSSettings.Prefix; // 这里改成允许的路径前缀,可以根据自己网站的用户登录态判断允许上传的具体路径,例子: a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)
string[] allowActions = new string[] { // 允许的操作范围,这里以上传操作为例
"name/cos:PutObject",
"name/cos:PostObject",
"name/cos:InitiateMultipartUpload",
"name/cos:ListMultipartUploads",
"name/cos:ListParts",
"name/cos:UploadPart",
"name/cos:CompleteMultipartUpload"
};
string secretId = _cfg.TencentSettings.COSSettings.SecretId; // 云 API 密钥 Id
string secretKey = _cfg.TencentSettings.COSSettings.SecretKey; // 云 API 密钥 Key
Dictionary<string, object> values = new Dictionary<string, object>();
values.Add("bucket", bucket);
values.Add("region", region);
values.Add("allowPrefix", allowPrefix);
values.Add("allowActions", allowActions);
values.Add("durationSeconds", 1800);
values.Add("secretId", secretId);
values.Add("secretKey", secretKey);
var credential = COSSTS.STSClient.genCredential(values);
return credential;
COSSTS.STSClient.genCredential(values)方法是官方文档的demo:
public static GetFederationTokenResponse genCredential(Dictionary<string, object> values) {
Credential cred = new Credential {
SecretId = (string) values["secretId"],
SecretKey = (string) values["secretKey"]
};
ClientProfile clientProfile = new ClientProfile();
HttpProfile httpProfile = new HttpProfile();
httpProfile.Endpoint = ("sts.tencentcloudapi.com");
clientProfile.HttpProfile = httpProfile;
string region = (string) values["region"];
string bucket = (string) values["bucket"];
string allowPrefix = (string) values["allowPrefix"];
string[] allowActions = (string[]) values["allowActions"];
string policy = getPolicy(region, bucket, allowPrefix, allowActions);
Dictionary<string, object> body = new Dictionary<string, object>();
body.Add("DurationSeconds", (Int32) values["durationSeconds"]);
body.Add("Name", "cos-sts-sdk-dotnet");
body.Add("Policy", policy);
StsClient client = new StsClient(cred, region, clientProfile);
GetFederationTokenRequest req = new GetFederationTokenRequest();
string strParams = JsonConvert.SerializeObject(body);
req = GetFederationTokenRequest.FromJsonString<GetFederationTokenRequest>(strParams);
GetFederationTokenResponse resp = client.GetFederationToken(req).
ConfigureAwait(false).GetAwaiter().GetResult();
//return JsonConvert.SerializeObject(resp);
return resp;
}
相似问题