问调用COS的putObject接口报403AccessDenied？

获取临时id和key的方法，从sdk中得到tempId，在前端调用putObject，返回403。

前端代码： string region = _cfg.TencentSettings.COSSettings.DefaultRegion; // bucket 所在区域

string allowPrefix = _cfg.TencentSettings.COSSettings.Prefix; // 这里改成允许的路径前缀，可以根据自己网站的用户登录态判断允许上传的具体路径，例子： a.jpg 或者 a/* 或者 * (使用通配符*存在重大安全风险, 请谨慎评估使用)

string[] allowActions = new string[] { // 允许的操作范围，这里以上传操作为例

"name/cos:PutObject",

"name/cos:PostObject",

"name/cos:InitiateMultipartUpload",

"name/cos:ListMultipartUploads",

"name/cos:ListParts",

"name/cos:UploadPart",

"name/cos:CompleteMultipartUpload"

};

string secretId = _cfg.TencentSettings.COSSettings.SecretId; // 云 API 密钥 Id

string secretKey = _cfg.TencentSettings.COSSettings.SecretKey; // 云 API 密钥 Key

Dictionary<string, object> values = new Dictionary<string, object>();

values.Add("bucket", bucket);

values.Add("region", region);

values.Add("allowPrefix", allowPrefix);

values.Add("allowActions", allowActions);

values.Add("durationSeconds", 1800);

values.Add("secretId", secretId);

values.Add("secretKey", secretKey);

var credential = COSSTS.STSClient.genCredential(values);

return credential;

COSSTS.STSClient.genCredential(values)方法是官方文档的demo：

public static GetFederationTokenResponse genCredential(Dictionary<string, object> values) {

Credential cred = new Credential {

SecretId = (string) values["secretId"],

SecretKey = (string) values["secretKey"]

};

ClientProfile clientProfile = new ClientProfile();

HttpProfile httpProfile = new HttpProfile();

httpProfile.Endpoint = ("sts.tencentcloudapi.com");

clientProfile.HttpProfile = httpProfile;

string region = (string) values["region"];

string bucket = (string) values["bucket"];

string allowPrefix = (string) values["allowPrefix"];

string[] allowActions = (string[]) values["allowActions"];

string policy = getPolicy(region, bucket, allowPrefix, allowActions);

Dictionary<string, object> body = new Dictionary<string, object>();

body.Add("DurationSeconds", (Int32) values["durationSeconds"]);

body.Add("Name", "cos-sts-sdk-dotnet");

body.Add("Policy", policy);

StsClient client = new StsClient(cred, region, clientProfile);

GetFederationTokenRequest req = new GetFederationTokenRequest();

string strParams = JsonConvert.SerializeObject(body);

req = GetFederationTokenRequest.FromJsonString<GetFederationTokenRequest>(strParams);

GetFederationTokenResponse resp = client.GetFederationToken(req).

ConfigureAwait(false).GetAwaiter().GetResult();

//return JsonConvert.SerializeObject(resp);

return resp;

}