在 Azure 存储 [REST] [Azure Blob] 中对 PUT Blob 的 REST api 调用中的身份验证失败

Posted 2023-03-28

【中文标题】在 Azure 存储 [REST] [Azure Blob] 中对 PUT Blob 的 REST api 调用中的身份验证失败

【英文标题】：Authentication Failed in REST api call to PUT Blob in Azure Storage [REST][Azure Blob]

【发布时间】：2021-06-01 18:09:45

【问题描述】：

我正在尝试发出 PUT 请求以创建 Azure Blob，但它给出了 Auth Failed。 我认为我在制定资源字符串或标题时犯了一些错误。

这是代码

const CryptoJS = require("crypto-js");
const request = require("request");
require("dotenv").config();
var parser = require("xml2json");

const account = process.env.ACCOUNT_NAME || "";
const key = process.env.ACCOUNT_KEY || "";
var containerName = "demo";

var strTime = new Date().toUTCString();

string_params = 
  'verb': 'PUT',
  'Content-Encoding': '',
  'Content-Language': '',
  'Content-Length': 11,
  'Content-MD5': '',
  'Content-Type': 'text/plain; charset=UTF-8',
  'Date': '',
  'If-Modified-Since': '',
  'If-Match': '',
  'If-None-Match': '',
  'If-Unmodified-Since': '',
  'Range': '',
  'CanonicalizedHeaders': 'x-ms-date:' + strTime + '\nx-ms-version:' + '2018-03-28\n',
  'CanonicalizedResource': `/$account/$containerName/hello`



   var strToSign =
  string_params["verb"] +
  "\n" +
  string_params["Content-Encoding"] +
  "\n" +
  string_params["Content-Language"] +
  "\n" +
  string_params["Content-Length"] +
  "\n" +
  string_params["Content-MD5"] +
  "\n" +
  string_params["Content-Type"] +
  "\n" +
  string_params["Date"] +
  "\n" +
  string_params["If-Modified-Since"] +
  "\n" +
  string_params["If-Match"] +
  "\n" +
  string_params["If-None-Match"] +
  "\n" +
  string_params["If-Unmodified-Since"] +
  "\n" +
  string_params["Range"] +
  "\n" +
  string_params["CanonicalizedHeaders"] +
  string_params["CanonicalizedResource"];

var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = `SharedKey $account:` + hashInBase64;

const options = 
  url: `https://$account.blob.core.windows.net/$containerName/hello`,
  headers: 
    Authorization: auth,
    "x-ms-date": strTime,
    "x-ms-version": "2018-03-28",
    "x-ms-blob-type": "BlockBlob",
    "Content-Length": "11",
    "Content-Type": "text/plain; charset=UTF-8",
  ,
  body: "hello world",
;

function callback(error, response, body) 
  console.log(response.statusCode);
  console.log(response.statusMessage);
  console.log(response.headers);


request.put(options, callback);

在运行上述代码时，我得到的消息是：

403
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

可以在此处找到相同的参考链接： https://docs.microsoft.com/en-us/rest/api/storageservices/put-blob https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

【参考方案1】：

字符串格式存在问题，您需要在规范标头中添加另一个字段，即 x-ms-blob-type 您的 CanonicalizedHeaders 应如下所示：

'x-ms-blob-type:BlockBlob\nx-ms-date:' + strTime + '\nx-ms-version:' + '2017-04-17\n',