Azure 存储休息 API(放置 Blob API)
Posted
技术标签:
【中文标题】Azure 存储休息 API(放置 Blob API)【英文标题】:Azure Storage Rest API (Put Blob API) 【发布时间】:2021-07-08 10:09:53 【问题描述】:我正在尝试使用 Azure rest api 放置一个 blob。我成功发出“GET”请求,但“PUT”请求出现问题。当我尝试发出“PUT”请求时,我收到 403 错误(服务器无法验证请求。确保 Authorization 标头的值正确形成,包括签名。)。我在***中看到过同样的帖子,但它对我没有帮助。有什么建议吗?
string uri = string.Format("https://0.blob.core.windows.net/1/LibraryForm.png", storageAccountName,containerName);
Byte[] requestPayload = File.ReadAllBytes(imagepath);
using (var httpRequestMessage = new HttpRequestMessage(HttpMethod.Put, uri)
Content = (requestPayload == null) ? null : new ByteArrayContent(requestPayload) )
// Add the request headers for x-ms-date and x-ms-version.
DateTime now = DateTime.UtcNow;
httpRequestMessage.Headers.Add("x-ms-date", now.ToString("R", CultureInfo.InvariantCulture));
httpRequestMessage.Headers.Add("x-ms-version", "2020-06-12");
httpRequestMessage.Headers.Add("x-ms-blob-type", "BlockBlob");
httpRequestMessage.Headers.Add("x-ms-blob-content-type", "image/png");
// Add the authorization header.
httpRequestMessage.Headers.Authorization = GetAuthorizationHeader(
storageAccountName, storageAccountKey, now, httpRequestMessage);
// Send the request.
using (HttpResponseMessage httpResponseMessage = await new HttpClient().SendAsync(httpRequestMessage))
if (httpResponseMessage.StatusCode == HttpStatusCode.OK)
var str = httpResponseMessage.Content.ReadAsStringAsync().Result;
return str;
internal static AuthenticationHeaderValue GetAuthorizationHeader(string storageAccountName, string storageAccountKey, DateTime now,
HttpRequestMessage httpRequestMessage, string ifMatch = "", string md5 = "")
// This is the raw representation of the message signature.
HttpMethod method = httpRequestMessage.Method;
String MessageSignature = String.Format("0\n\n\n1\n5\n\n\n\n2\n\n\n\n34",
method.ToString(),
(method == HttpMethod.Get || method == HttpMethod.Head) ? String.Empty
: httpRequestMessage.Content.Headers.ContentLength.ToString(),
ifMatch,
GetCanonicalizedHeaders(httpRequestMessage),
GetCanonicalizedResource(httpRequestMessage.RequestUri, storageAccountName),
md5);
// Now turn it into a byte array.
byte[] SignatureBytes = Encoding.UTF8.GetBytes(MessageSignature);
// Create the HMACSHA256 version of the storage key.
HMACSHA256 SHA256 = new HMACSHA256(Convert.FromBase64String(storageAccountKey));
// Compute the hash of the SignatureBytes and convert it to a base64 string.
string signature = Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));
// This is the actual header that will be added to the list of request headers.
// You can stop the code here and look at the value of 'authHV' before it is returned.
AuthenticationHeaderValue authHV = new AuthenticationHeaderValue("SharedKey",
storageAccountName + ":" + Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes)));
return authHV;
private static string GetCanonicalizedHeaders(HttpRequestMessage httpRequestMessage)
var headers = from kvp in httpRequestMessage.Headers
where kvp.Key.StartsWith("x-ms-", StringComparison.OrdinalIgnoreCase)
orderby kvp.Key
select new Key = kvp.Key.ToLowerInvariant(), kvp.Value ;
StringBuilder sb = new StringBuilder();
// Create the string in the right format; this is what makes the headers "canonicalized" --
// it means put in a standard format. http://en.wikipedia.org/wiki/Canonicalization
foreach (var kvp in headers)
StringBuilder headerBuilder = new StringBuilder(kvp.Key);
char separator = ':';
// Get the value for each header, strip out \r\n if found, then append it with the key.
foreach (string headerValues in kvp.Value)
string trimmedValue = headerValues.TrimStart().Replace("\r\n", String.Empty);
headerBuilder.Append(separator).Append(trimmedValue);
// Set this to a comma; this will only be used
// if there are multiple values for one of the headers.
separator = ',';
sb.Append(headerBuilder.ToString()).Append("\n");
return sb.ToString();
private static string GetCanonicalizedResource(Uri address, string storageAccountName)
StringBuilder sb = new StringBuilder("/").Append(storageAccountName).Append(address.AbsolutePath);
// It will have more entries if you have more query parameters.
NameValueCollection values = HttpUtility.ParseQueryString(address.Query);
foreach (var item in values.AllKeys.OrderBy(k => k))
sb.Append('\n').Append(item).Append(':').Append(values[item]);
return sb.ToString().ToLower();
【问题讨论】:
两件事:1)为什么不使用Storage SDK? 2)查看错误响应的响应正文。您应该在其中看到 Azure 服务使用的要签名的字符串。将其与您的MessageSignature
进行比较。两者应该完全匹配。
【参考方案1】:
如果你想用rest API上传文件到Azure Blob,请参考傻瓜代码
我定义了一个类来获取 ShareKey
internal static class AzureStorageAuthenticationHelper
internal static AuthenticationHeaderValue GetAuthorizationHeader(
string storageAccountName, string storageAccountKey, DateTime now,
HttpRequestMessage httpRequestMessage, string ifMatch = "", string md5 = "")
// This is the raw representation of the message signature.
HttpMethod method = httpRequestMessage.Method;
String MessageSignature = String.Format("0\n\n\n1\n5\n\n\n\n2\n\n\n\n34",
method.ToString(),
(method == HttpMethod.Get || method == HttpMethod.Head) ? String.Empty
: httpRequestMessage.Content.Headers.ContentLength.ToString(),
ifMatch,
GetCanonicalizedHeaders(httpRequestMessage),
GetCanonicalizedResource(httpRequestMessage.RequestUri, storageAccountName),
md5);
// Now turn it into a byte array.
byte[] SignatureBytes = Encoding.UTF8.GetBytes(MessageSignature);
// Create the HMACSHA256 version of the storage key.
HMACSHA256 SHA256 = new HMACSHA256(Convert.FromBase64String(storageAccountKey));
// Compute the hash of the SignatureBytes and convert it to a base64 string.
string signature = Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));
// This is the actual header that will be added to the list of request headers.
// You can stop the code here and look at the value of 'authHV' before it is returned.
AuthenticationHeaderValue authHV = new AuthenticationHeaderValue("SharedKey",
storageAccountName + ":" + Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes)));
return authHV;
private static string GetCanonicalizedHeaders(HttpRequestMessage httpRequestMessage)
var headers = from kvp in httpRequestMessage.Headers
where kvp.Key.StartsWith("x-ms-", StringComparison.OrdinalIgnoreCase)
orderby kvp.Key
select new Key = kvp.Key.ToLowerInvariant(), kvp.Value ;
StringBuilder sb = new StringBuilder();
// Create the string in the right format; this is what makes the headers "canonicalized" --
// it means put in a standard format. http://en.wikipedia.org/wiki/Canonicalization
foreach (var kvp in headers)
StringBuilder headerBuilder = new StringBuilder(kvp.Key);
char separator = ':';
// Get the value for each header, strip out \r\n if found, then append it with the key.
foreach (string headerValues in kvp.Value)
string trimmedValue = headerValues.TrimStart().Replace("\r\n", String.Empty);
headerBuilder.Append(separator).Append(trimmedValue);
// Set this to a comma; this will only be used
// if there are multiple values for one of the headers.
separator = ',';
sb.Append(headerBuilder.ToString()).Append("\n");
return sb.ToString();
private static string GetCanonicalizedResource(Uri address, string storageAccountName)
// The absolute path is "/" because for we're getting a list of containers.
StringBuilder sb = new StringBuilder("/").Append(storageAccountName).Append(address.AbsolutePath);
// Address.Query is the resource, such as "?comp=list".
// This ends up with a NameValueCollection with 1 entry having key=comp, value=list.
// It will have more entries if you have more query parameters.
NameValueCollection values = HttpUtility.ParseQueryString(address.Query);
foreach (var item in values.AllKeys.OrderBy(k => k))
sb.Append('\n').Append(item).Append(':').Append(values[item]);
return sb.ToString().ToLower();
-
上传
FileInfo fileInfo = new FileInfo("D:\\sampleData\\readsample.jpg");
string blobName = fileInfo.Name;
string contentType = MimeMapping.GetMimeMapping(blobName);
DateTime now = DateTime.UtcNow;
string blobURI = string.Format("https://0.blob.core.windows.net/1/2", StorageAccountName, "test", blobName);
using (var httpRequestMessage = new HttpRequestMessage(HttpMethod.Put, blobURI))
httpRequestMessage.Headers.Add("x-ms-date", now.ToString("R", CultureInfo.InvariantCulture));
httpRequestMessage.Headers.Add("x-ms-version", "2020-06-12");
httpRequestMessage.Headers.Add("x-ms-blob-type", "BlockBlob");
httpRequestMessage.Headers.Add("x-ms-blob-content-type", contentType);
httpRequestMessage.Content = new StreamContent(fileInfo.OpenRead());
httpRequestMessage.Headers.Authorization = AzureStorageAuthenticationHelper.GetAuthorizationHeader(
StorageAccountName, StorageAccountKey, now, httpRequestMessage);
// Send the request.
using (HttpResponseMessage httpResponseMessage = await new HttpClient().SendAsync(httpRequestMessage))
// If successful (status code = 200),
// parse the XML response for the container names.
if (httpResponseMessage.StatusCode == HttpStatusCode.Created)
Console.WriteLine("OK");
此外,使用 Azure SDK 实现上传进度是一种简单的方法。 azure sdk的使用方法请参考here。
【讨论】:
感谢您的解决方案,现在它正在工作,但现在我面临大小限制问题。有什么解决办法吗? @JitendraKumar 如果要上传大文件,需要使用put block
:docs.microsoft.com/en-us/rest/api/storageservices/put-block在chuck中上传,然后使用put block list
:docs.microsoft.com/en-us/rest/api/storageservices/…将所有块提交为blob
@JitendraKumar 另外如果你想上传大文件,我建议你使用Azure SDK来做,很简单:docs.microsoft.com/en-us/dotnet/api/…以上是关于Azure 存储休息 API(放置 Blob API)的主要内容,如果未能解决你的问题,请参考以下文章
我正在尝试在 azure synapse 中创建链接服务(休息),但我没有授权
向 Azure Blob 存储发出 GET 请求时授权失败 [REST API][Azure Blob 存储]
请求令牌时如何在 Azure 存储 Blob 中为 REST 请求指定范围? [AZURE-BLOB][REST API]
Azure Blob PHP SDK - 直接从自定义多部分 API 请求上传到 Azure 存储
在 Azure 存储 [REST] [Azure Blob] 中对 PUT Blob 的 REST api 调用中的身份验证失败