javascript - 向 Azure Blob 存储发出 GET 请求时授权失败 [REST API][Azure Blob 存储]
问题描述
我正在尝试发出 GET 请求以获取我的 Azure Blob 存储帐户的帐户详细信息,但它每次都显示 Auth 失败。任何人都可以判断形成的标头或签名字符串是否正确或是否有任何其他问题?
这是代码:
const account = process.env.ACCOUNT_NAME || "";
const key = process.env.ACCOUNT_KEY || "";
var strTime = new Date().toUTCString();
var strToSign =
"GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:" +
strTime +
`\nx-ms-version:2018-03-28\n/${account}/\ncomp:properties\nrestype:account`;
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = `SharedKey ${account}:${hashInBase64}`;
const options = {
url: `https://${account}.blob.core.windows.net/?comp=properties&restype=account`,
headers: {
Authorization: auth,
"x-ms-date": strTime,
"x-ms-version": "2018-03-28",
},
};
function callback(error, response, body) {
var json = parser.toJson(body);
console.log(error);
console.log(response);
if (!error && response.statusCode == 200) {
var json = parser.toJson(body);
console.log(json);
}
}
request(options, callback);
在此之后,我得到的 response.statusCode 是状态 403。
statusCode: 403,
statusMessage: 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.',
可以在此处找到有关 azure-blob 和标头以及身份验证的详细信息: https ://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
https://docs.microsoft.com/en-us/rest/api/storageservices/get-account-information
编辑:
字符串参数=
已更正为:
解决方案
使用 Azure 存储 JS SDK向 Azure Blob 存储发出请求会容易得多。如果您想获取您的存储帐户信息,只需尝试以下代码:
const { BlobServiceClient, StorageSharedKeyCredential } = require("@azure/storage-blob");
const account = '<storage account name>'
const accountKey = '<storage account key>'
const sharedKeyCredential = new StorageSharedKeyCredential(account, accountKey);
const blobServiceClient = new BlobServiceClient(
`https://${account}.blob.core.windows.net`,
sharedKeyCredential
);
blobServiceClient.getAccountInfo().then((result)=>{
console.log("accountKind:"+result.accountKind + " skuName:" + result.skuName + " version:" + result.version );
})
结果:
更新:
如果您想以更通用的方式尝试它,请尝试以下代码:
var CryptoJS = require("crypto-js");
var request = require("request");
var parser = require('body-parser')
const account = ''
const key = ''
var strTime = new Date().toUTCString();
var strToSign =
"GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:" +
strTime +
`\nx-ms-version:2018-03-28\n/${account}/\ncomp:properties\nrestype:account`;
//console.log(strToSign);
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = `SharedKey ${account}:${hashInBase64}`;
const options = {
url: `https://${account}.blob.core.windows.net/?comp=properties&restype=account`,
headers: {
Authorization: auth,
"x-ms-date": strTime,
"x-ms-version": "2018-03-28",
},
};
function callback(error, response, body) {
console.log(body);
if (!error && response.statusCode == 200) {
console.log(response.headers["x-ms-sku-name"]);
}
}
request(options, callback);
结果:
似乎你应该使用:
而不是=
在你的strToSign
.
推荐阅读
- javascript - Express.js - 将路由导入子路由
- c++ - 重载类型转换运算符
- javascript - 在javascript函数中更改元素>元素样式
- c# - 填补剩余工作时间的调度算法
- python - 从 pandas 中的选定数据中删除 NaN
- data-structures - 为什么我们让元素从堆栈 2 推回堆栈 1
- c++ - Visual Studio 2017 中是否有自动保存功能来处理其错误和崩溃?
- javascript - More efficient way to handle an extremely specific response from a Rest API in JavaScript
- gradle - 从 build.gradle 读取 excel 文件
- python - Firestore 中具有服务帐号的精细权限