How to sign url in .net for google cloud storage

名媛妹妹 2021-01-07 01:35

I want to know how to generate a signed URL using the Google Cloud Storage classes in .NET.

I have created the string as per the requirement:

GET


1388534400
         


        
4条回答
  • 2021-01-07 01:47

    I know the question was about P12, but Google led me here when I was looking to do this with the newer, preferred JSON key method. I pieced this together from other samples and sites I found. Hope this helps save some time.

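        /// <summary>
        /// Loads a service-account JSON key from disk and returns a signed URL that allows
        /// an HTTP GET of one object for one hour.
        /// </summary>
        /// <returns>The signed URL produced by <c>UrlSigner.Sign</c>.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The key file did not yield a <c>ServiceAccountCredential</c>.
        /// </exception>
        /// <remarks>
        /// The returned URL is a bearer credential: whoever holds it can fetch the object
        /// until it expires, so keep the lifetime short and keep the URL out of logs.
        /// </remarks>
        public string GetSignedURL()
        {
            var myObj = "theObject";
            var myBucket = "theBucket";

            // NOTE(review): read_write is broader than a download link needs. The signature
            // is presumably computed locally from the private key, so the scope may not
            // matter here at all; confirm, and if a scope is kept use the narrowest one.
            var scopes = new string[] { "https://www.googleapis.com/auth/devstorage.read_write" };
            ServiceAccountCredential cred;

            // The JSON key file holds the service account's private key. Keep it outside
            // any directory the web server can serve and out of source control.
            using (var stream = new FileStream(@"\path to\private-key.json", FileMode.Open, FileAccess.Read))
            {
                cred = GoogleCredential.FromStream(stream)
                                       .CreateScoped(scopes)
                                       .UnderlyingCredential as ServiceAccountCredential;
            }

            // "as" yields null when the file holds another credential type (for example a
            // user credential); fail here with a clear message instead of inside the signer.
            if (cred == null)
            {
                throw new System.InvalidOperationException(
                    "The key file does not contain a service account credential.");
            }

            var urlSigner = UrlSigner.FromServiceAccountCredential(cred);

            return urlSigner.Sign(myBucket, myObj, TimeSpan.FromHours(1), HttpMethod.Get);
        }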
    

    A list of Scopes can be found here

  • 2021-01-07 01:52

    This is my Google signer code. You can make it more dynamic to suit your needs.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Security.Cryptography;
    
    using System.Web;
    using System.Security.Cryptography.X509Certificates;
    
    namespace HHAFSGoogle
    {
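        /// <summary>
        /// Hand-rolled signer for Google Cloud Storage signed URLs of the form
        /// <c>?GoogleAccessId=...&amp;Expires=...&amp;Signature=...</c>, signing with the RSA key
        /// from a service account's P12 file.
        /// </summary>
        /// <remarks>
        /// A signed URL is a bearer credential: anyone holding it can perform the signed
        /// method on the signed object until it expires. Keep lifetimes short and avoid
        /// writing complete URLs to logs.
        /// </remarks>
        static class GoogleSigner
        {
            // Hash algorithm name passed to RSACryptoServiceProvider.SignData / VerifyData.
            private const string hashAlgo = "SHA256";

            /// <summary>Service account e-mail sent as the GoogleAccessId query parameter (placeholder value).</summary>
            public static string ServiceAccountEmail
            {
                get
                {
                    return "XXXXXXXXXXXXX-YYYYYYYYYYYYYYYYYYYYYYYY@developer.gserviceaccount.com";
                }
            }

            /// <summary>Password used to open the P12 file.</summary>
            /// <remarks>
            /// "notasecret" is the well-known default password on Google-issued P12 keys, so
            /// it protects nothing: the P12 file itself is the secret and must be guarded.
            /// </remarks>
            public static string GoogleSecreat
            {
                get
                {
                    return "notasecret";
                }
            }

            /// <summary>Bucket sub-directory name; not used by the methods of this class.</summary>
            public static string GoogleBucketDir
            {
                get
                {
                    return "MyBucketDirectory";
                }
            }

            /// <summary>Bucket name used in both the string to sign and the returned URL.</summary>
            public static string GoogleBucketName
            {
                get
                {
                    return "MyBucket";
                }
            }

            /// <summary>Physical path of the P12 key file, resolved through the current request.</summary>
            /// <remarks>
            /// Requires an active <c>HttpContext</c>. NOTE(review): a relative MapPath resolves
            /// inside the site's directory tree, so the private key may end up downloadable
            /// over HTTP; confirm, and prefer a location the server never serves (for example
            /// App_Data) with a restrictive file ACL.
            /// </remarks>
            public static string CertiFilelocation
            {
                get
                {
                    return System.Web.HttpContext.Current.Server.MapPath("p12file.p12");
                }
            }

            /// <summary>
            /// Signs a string with the private key stored in a P12 file.
            /// </summary>
            /// <param name="base64EncryptedData">
            /// The plain string to sign. Despite the name it is neither Base64 nor encrypted;
            /// carriage returns are removed before it is encoded as UTF-8.
            /// </param>
            /// <param name="certiFilelocation">Path of the P12 file, opened with <see cref="GoogleSecreat"/>.</param>
            /// <returns>
            /// The Base64 signature, or an empty string when the signature does not verify
            /// against the same key.
            /// </returns>
            /// <exception cref="ArgumentNullException"><paramref name="base64EncryptedData"/> is null.</exception>
            /// <exception cref="ArgumentException"><paramref name="certiFilelocation"/> is null or empty.</exception>
            public static string GetSignature(string base64EncryptedData, string certiFilelocation)
            {
                if (base64EncryptedData == null)
                {
                    throw new ArgumentNullException("base64EncryptedData");
                }

                if (string.IsNullOrEmpty(certiFilelocation))
                {
                    throw new ArgumentException("Path to the P12 key file is required.", "certiFilelocation");
                }

                // Exportable is needed because the key parameters are copied out below.
                X509Certificate2 certificate = new X509Certificate2(certiFilelocation, GoogleSecreat, X509KeyStorageFlags.Exportable);
                try
                {
                    RSACryptoServiceProvider csp = (RSACryptoServiceProvider)certificate.PrivateKey;

                    // The key is copied into a fresh provider before signing. Presumably the
                    // provider attached to the certificate cannot produce SHA-256 signatures;
                    // confirm before simplifying. The original also imported the key back
                    // into the certificate's provider, which changed nothing and is dropped.
                    using (RSACryptoServiceProvider privateKey1 = new RSACryptoServiceProvider())
                    {
                        privateKey1.ImportParameters(csp.ExportParameters(true));

                        byte[] data = Encoding.UTF8.GetBytes(base64EncryptedData.Replace("\r", ""));
                        byte[] signature = privateKey1.SignData(data, hashAlgo);

                        // Self-check: only hand out a signature that verifies with the same key.
                        if (privateKey1.VerifyData(data, hashAlgo, signature))
                        {
                            return Convert.ToBase64String(signature);
                        }

                        return string.Empty;
                    }
                }
                finally
                {
                    // Release the certificate handle instead of waiting for finalization.
                    certificate.Reset();
                }
            }

            /// <summary>
            /// Builds a signed URL for one object in <see cref="GoogleBucketName"/>.
            /// </summary>
            /// <param name="fileName">Object name inside the bucket; path-encoded before signing.</param>
            /// <param name="method">HTTP method the URL authorizes, e.g. GET, PUT, DELETE.</param>
            /// <param name="content_type">
            /// Content type included in the string to sign, e.g. image/jpeg; empty for none.
            /// </param>
            /// <param name="duration">Lifetime of the URL in minutes; must be positive.</param>
            /// <returns>The URL carrying GoogleAccessId, Expires and Signature parameters.</returns>
            /// <exception cref="ArgumentNullException"><paramref name="fileName"/> is null.</exception>
            /// <exception cref="ArgumentException">An argument contains a line break.</exception>
            /// <exception cref="ArgumentOutOfRangeException"><paramref name="duration"/> is not positive.</exception>
            /// <exception cref="InvalidOperationException">No valid signature could be produced.</exception>
            public static string GetSignedURL(string fileName, string method = "GET", string content_type = "", int duration = 10)
            {
                if (fileName == null)
                {
                    throw new ArgumentNullException("fileName");
                }

                if (duration <= 0)
                {
                    throw new ArgumentOutOfRangeException("duration", "The lifetime must be a positive number of minutes.");
                }

                // The string to sign is newline-delimited, so a line break inside any field
                // would change which value lands in which position of the signed text.
                RejectLineBreaks(fileName, "fileName");
                RejectLineBreaks(method, "method");
                RejectLineBreaks(content_type, "content_type");

                // Expiry as whole seconds since the Unix epoch. The original always added
                // ten minutes and ignored the duration argument.
                DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
                TimeSpan span = DateTime.UtcNow.AddMinutes(duration) - epoch;
                string expires = ((long)Math.Round(span.TotalSeconds, 0))
                    .ToString(System.Globalization.CultureInfo.InvariantCulture);

                // Encode filename, so URL characters like %20 for space are handled properly in the signature.
                // NOTE(review): UrlPathEncode leaves characters such as '?' and '#' untouched;
                // confirm that object names containing them are not expected.
                fileName = HttpUtility.UrlPathEncode(fileName);

                // String to sign: method, Content-MD5 (left empty), content type, expiry, resource.
                StringBuilder sbFileParam = new StringBuilder();
                sbFileParam.Append(method).Append('\n');
                sbFileParam.Append('\n');
                sbFileParam.Append(content_type).Append('\n');
                sbFileParam.Append(expires).Append('\n');
                sbFileParam.Append('/').Append(GoogleBucketName).Append('/').Append(fileName);

                string rawSignature = GetSignature(sbFileParam.ToString(), CertiFilelocation);
                if (string.IsNullOrEmpty(rawSignature))
                {
                    throw new InvalidOperationException("The URL could not be signed.");
                }

                var signature = HttpUtility.UrlEncode(rawSignature);

                // The bucket in the URL must be the bucket that was signed; the original
                // hard-coded "MyBucket" here while signing GoogleBucketName.
                return "https://storage.googleapis.com/" + GoogleBucketName + "/" + fileName +
                       "?response-content-disposition=attachment;&GoogleAccessId=" + ServiceAccountEmail +
                       "&Expires=" + expires + "&Signature=" + signature;
            }

            // Throws when a value that becomes one field of the string to sign contains CR or LF.
            private static void RejectLineBreaks(string value, string paramName)
            {
                if (value != null && value.IndexOfAny(new[] { '\r', '\n' }) >= 0)
                {
                    throw new ArgumentException("Line breaks are not allowed.", paramName);
                }
            }
        }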
    }
    

    To download a file, call the class above to get a signed URL:

    // Default arguments: signs a GET with an empty content type. Anyone who obtains the
    // returned URL can download the object until it expires, so hand it only to the intended client.
    GoogleSigner.GetSignedURL(bucketFileName)
    

    To upload a file, call the class above to get a signed URL for the upload:

    // Signs a PUT. The content type is part of the string that gets signed, so the
    // uploader presumably has to send the same Content-Type header for the signature to match.
    GoogleSigner.GetSignedURL(fileName, "PUT", type);
    
  • 2021-01-07 01:53

    The .NET client doesn't support signing URLs (it is an XML-only API), so you will need to either make a callout to a tool like gsutil or generate an RSA signature internal to your application (Signing and verifying signatures with RSA C#)

  • 2021-01-07 02:02

    There is now a UrlSigner in the pre-release package Google.Cloud.Storage.V1 that can be used to provide read-only access to existing objects:

    // Sign a GET for one specific object; the link stays usable for one hour.
    // Treat the resulting URL as a bearer credential: whoever holds it can read the object.
    TimeSpan validFor = TimeSpan.FromHours(1);
    UrlSigner urlSigner = UrlSigner.FromServiceAccountCredential(credential);
    string url = urlSigner.Sign(bucketName, objectName, validFor, HttpMethod.Get);
    

    Or write-only access to put specific object content into a bucket:

    // Sign a PUT for one object path, valid for one hour. The text/plain Content-Type is
    // passed to the signer, so the upload request is expected to carry the same header.
    var destination = "places/world.txt";
    var signedHeaders = new Dictionary<string, IEnumerable<string>>
    {
        ["Content-Type"] = new[] { "text/plain" }
    };
    TimeSpan validFor = TimeSpan.FromHours(1);

    UrlSigner urlSigner = UrlSigner.FromServiceAccountCredential(credential);
    string url = urlSigner.Sign(bucketName, destination, validFor, HttpMethod.Put, contentHeaders: signedHeaders);
    
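    // Upload the content into the bucket using the signed URL.
    string source = "world.txt";

    // File.ReadAllBytes returns the complete file. A single Stream.Read call may return
    // fewer bytes than requested, which would upload a buffer padded with zero bytes.
    ByteArrayContent content = new ByteArrayContent(File.ReadAllBytes(source))
    {
        // Same content type as the one passed to the signer above.
        Headers = { ContentType = new MediaTypeHeaderValue("text/plain") }
    };

    HttpResponseMessage response = await httpClient.PutAsync(url, content);
    // Inspect response.IsSuccessStatusCode (or call EnsureSuccessStatusCode()) before
    // treating the upload as done; an expired or mismatched signature is rejected by the server.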
    