为什么blobServiceClient.GetUserDelegationKeyAsync失败了,但blobClient.DownloadToAsync成功了?
为什么blobServiceClient.GetUserDelegationKeyAsync失败了,但blobClient.DownloadToAsync成功了?
提问于 2022-08-05 14:19:54
我正在尝试访问Azure的blob。我可以使用blobClient.DownloadToAsync调用访问它,如下面的GetAsync方法所示。但是,如果我使用blobServiceClient.GetUserDelegationKeyAsync (如下面所示的CreateSasTokenUri所示),则无法访问它。
public class AppBlobService
{
private readonly string _connectionString;
public AppBlobService(string connectionString)
{
_connectionString = connectionString;
}
public async Task<Uri?> CreateSasTokenUri(string containerName, string blobName)
{
var blobServiceClient = new BlobServiceClient(_connectionString);
var containerClient = blobServiceClient.GetBlobContainerClient(containerName);
var blobClient = containerClient.GetBlobClient(blobName);
Uri ret = null;
try
{
if (await blobClient.ExistsAsync())
{
ret = await GetUserDelegationSasBlob(blobClient);
}
}
catch (Exception e)
{
Console.WriteLine(e);
}
return ret;
}
private async Task<Uri> GetUserDelegationSasBlob(BlobClient blobClient)
{
BlobServiceClient blobServiceClient =
blobClient.GetParentBlobContainerClient().GetParentBlobServiceClient();
Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey =
await blobServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddDays(7));
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = blobClient.BlobContainerName,
BlobName = blobClient.Name,
Resource = "b",
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddDays(7)
};
sasBuilder.SetPermissions(BlobSasPermissions.Read );
BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
{
Sas = sasBuilder.ToSasQueryParameters(userDelegationKey,
blobServiceClient.AccountName)
};
return blobUriBuilder.ToUri();
}
public async Task<BlobEntity> GetAsync(string containerName, string blobName)
{
var ret = new BlobEntity(containerName, blobName);
var blobServiceClient = new BlobServiceClient(_connectionString);
var containerClient = blobServiceClient.GetBlobContainerClient(containerName);
var blobClient = containerClient.GetBlobClient(blobName);
if (await blobClient.ExistsAsync())
{
var ms = new MemoryStream();
await blobClient.DownloadToAsync(ms);
ret.DataStream = ms;
}
return ret;
}
}我收到的例外是:
状态: 403 (服务器无法验证请求。确保授权头的值是正确的,包括签名。)ErrorCode: AuthenticationFailed附加信息: AuthenticationErrorDetail:仅支持身份验证方案
如何正确获取客户端浏览器可以直接用于读取该文件的blob文件的URI?blob文件是一个html,它的url将在iframe属性中使用。
回答 2
Stack Overflow用户
发布于 2022-08-12 12:39:26
GetUserDelegation支持AD授权,Azure AD支持更多令牌。
有关更多信息:请参阅此文章
Stack Overflow用户
发布于 2022-08-09 07:20:25
您可以通过在以下URL中填写所需数据来生成URL
https://<storage account name >.blob.core.windows.net/<container name>/<blob name>另外,要想工作,您需要读取blob的访问权限,只需在上面的URL中填充存储帐户名称、容器名称和blob名称。
另一种方法是直接从门户获取URL。
- 只需转到容器选项卡,选择blob所在的容器并单击它。
- 然后选择并单击所需URL的blob
- 现在您可以从URL选项卡复制URL
您可以直接在浏览器中粘贴URL
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/73251215
复制相关文章
相似问题
腾讯云开发者
