REST Api to Azure blob storage using Access key

与世无争的帅哥 提交于 2021-02-10 05:56:07

问题


We are trying to access the blobs from azure blob storage without using the Azure SDK,

we are trying to access through the shared key by Azure REST API, for that we need to generate the Authorization header, but when I try to create a signature from the Access key I am getting the following error

"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature."

"The MAC signature found in the HTTP request 'key hash' is not the same as any computed signature"

Need help to generate proper authorization header, we have followed the documentation

https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

https://docs.microsoft.com/en-gb/rest/api/storageservices/authorization-for-the-azure-storage-services?redirectedfrom=MSDN

We have tried in postman as well, and we are getting the same error.

     string signWithAccountKey(string stringToSign, string accountKey)
     {
            var hmacsha = new System.Security.Cryptography.HMACSHA256();
            hmacsha.Key = Convert.FromBase64String(accountKey);
            var signature = hmacsha.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
            return Convert.ToBase64String(signature);
     }

The MAC signature found in the HTTP request 'key hash' is not the same as any computed signature


回答1:


I write the code below for List Blobs api. You can follow/modify my code and try to use other blobs api.

class Program
{

  static void Main(string[] args)
   {
     ListBlobs();

      Console.WriteLine("done");
      Console.ReadLine();    
   }  


static void ListBlobs()
{
    string Account = "xxxx";
    string Key = "xxxx";
    string Container = "aa1";
    string apiversion = "2018-03-28";

    DateTime dt = DateTime.UtcNow;
    string StringToSign = String.Format("GET\n"
        + "\n" // content encoding
        + "\n" // content language
        + "\n" // content length
        + "\n" // content md5
        + "\n" // content type
        + "\n" // date
        + "\n" // if modified since
        + "\n" // if match
        + "\n" // if none match
        + "\n" // if unmodified since
        + "\n" // range
        + "x-ms-date:" + dt.ToString("R") + "\nx-ms-version:"+apiversion+"\n" // headers
        + "/{0}/{1}\ncomp:list\nrestype:container", Account, Container);

    string auth = SignThis(StringToSign, Key, Account);

    Console.WriteLine($"the date is: {dt.ToString("R")}");
    Console.WriteLine($"the auth token is: {auth}");
    Console.WriteLine("*********");
    string method = "GET";
    string urlPath = string.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list", Account, Container);
    Uri uri = new Uri(urlPath);
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    request.Method = method;
    request.Headers.Add("x-ms-date", dt.ToString("R"));
    request.Headers.Add("x-ms-version", apiversion);
    request.Headers.Add("Authorization", auth);

    Console.WriteLine("***list all the blobs in the specified container, in xml format***");
    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    {

        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            Console.WriteLine(reader.ReadToEnd());
        }
    }
}


private static String SignThis(String StringToSign, string Key, string Account)
        {
            String signature = string.Empty;
            byte[] unicodeKey = Convert.FromBase64String(Key);
            using (HMACSHA256 hmacSha256 = new HMACSHA256(unicodeKey))
            {
                Byte[] dataToHmac = System.Text.Encoding.UTF8.GetBytes(StringToSign);
                signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
            }

            String authorizationHeader = String.Format(
                  CultureInfo.InvariantCulture,
                  "{0} {1}:{2}",
                  "SharedKey",
                  Account,
                  signature);

            return authorizationHeader;
        }


   }

Test result in visual studio, and in postman:



来源:https://stackoverflow.com/questions/56774567/rest-api-to-azure-blob-storage-using-access-key

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!