我们计算的请求签名与您提供的 aws 签名不匹配
Posted
技术标签:
【中文标题】我们计算的请求签名与您提供的 aws 签名不匹配【英文标题】:the request signature we calculated does not match the signature you provided aws 【发布时间】:2015-05-15 15:14:32 【问题描述】:我想通过 asp.net 项目将我的视频文件从浏览器上传到 Amazon S3 存储。但我不断收到此错误:“我们计算的请求签名与您提供的签名不匹配”
这是我的 javascript 代码;
function uploadFile()
var access_key = "xx";
var secret = "xx";
var policy = "xx";
var signature = "xx";
var file = document.getElementById('file').files[0];
var fd = new FormData();
var key = "folder1/" + (new Date).getTime() + '-' + file.name;
fd.append('key', key);
fd.append('acl', 'public-read-write');
fd.append('Content-Type', file.type);
fd.append('AWSAccessKeyId', access_key);
fd.append('policy', policy)
fd.append('signature', signature);
fd.append("file", file);
var xhr = new XMLHttpRequest();
xhr.upload.addEventListener("progress", uploadProgress, false);
xhr.addEventListener("load", uploadComplete, false);
xhr.addEventListener("error", uploadFailed, false);
xhr.addEventListener("abort", uploadCanceled, false);
xhr.open('POST', 'https://bucketName.s3.amazonaws.com/', true);
xhr.send(fd);
这是政策字符串;
" +
"\"Id\": \"Policyxxx\"," +
"\"Version\": \"2012-10-17\"," +
"\"Statement\": [" +
"" +
"\"Sid\": \"Stmtxxx\"," +
"\"Action\": \"s3:*\"," +
"\"Effect\": \"Allow\"," +
"\"Resource\": \"arn:aws:s3:::bucketName/*\"," +
"\"Principal\": \"*\"" +
"" +
"]" +
"
这里是getsignature方法;
public static string GetS3Signature(string policyStr)
string b64Policy = Convert.ToBase64String(Encoding.ASCII.GetBytes(policyStr));
byte[] b64Key = Encoding.ASCII.GetBytes(AwsSecretKey);
HMACSHA1 hmacSha1 = new HMACSHA1(b64Key);
var c = Convert.ToBase64String(hmacSha1.ComputeHash(Encoding.ASCII.GetBytes(b64Policy)));
return c;
错误的原因可能是什么
【问题讨论】:
你是如何构建签名的?它必须是使用您的密钥的 Base-64 编码策略的 HMAC-SHA-1。根据这些说明:docs.aws.amazon.com/AmazonS3/latest/dev/… 就像这样:string b64Policy = Convert.ToBase64String(Encoding.ASCII.GetBytes(policyStr)); byte[] b64Key = Encoding.ASCII.GetBytes(AwsSecretKey); HMACSHA1 hmacSha1 = 新 HMACSHA1(b64Key); var c = Convert.ToBase64String(hmacSha1.ComputeHash(Encoding.ASCII.GetBytes(b64Policy)));返回 c; 【参考方案1】:政策中提到的任何条件也必须在表单数据中。例如,如果您有类似
的条件["starts-with", "x-amz-meta-myelement", ""]
然后您必须发送该密钥。如果策略对内容类型或密钥前缀有限制,这些也可能导致签名错误。
【讨论】:
嗨@Jim,这是策略字符串:"\"Id\": \"Policyxxx\"," + "\"Version\": \"2012-10-17\", " + "\"Statement\": [" + "" + "\"Sid\": \"Stmtxxx\"," + "\"Action\": \"s3:*\"," + "\ "效果\": \"允许\"," + "\"资源\": \"arn:aws:s3:::bucketName/*\"," + "\"Principal\": \"*\" " + "" + "]" 我没有条件。我已经更新了问题以获取更多代码细节。 这看起来像是 IAM 政策。与签名 POST 策略一起使用的策略略有不同。有关示例,请参阅 docs.aws.amazon.com/AmazonS3/latest/API/…。 我改变了,但仍然收到错误:((((这里是代码; \"expiration\": \"2016-12-01T12:00:00.000Z\"," + "\ "条件\": [" + "\"acl\": \"public-read\" ," + "\"bucket\": \"bucketname\" ," + "[\"starts-与\", \"$key\", \"\"]," + "]" + "以上是关于我们计算的请求签名与您提供的 aws 签名不匹配的主要内容,如果未能解决你的问题,请参考以下文章
我们计算的请求签名与您提供的签名不匹配。检查您的 AWS 秘密访问密钥和签名方法
AWS S3 - 我们计算的请求签名与您提供的签名不匹配。检查您的密钥和签名方法
AWSSecretsManagerException:我们计算的请求签名与您提供的签名不匹配