Azure 存储休息 API(放置 Blob API)

Posted

技术标签:

【中文标题】Azure 存储休息 API(放置 Blob API)【英文标题】:Azure Storage Rest API (Put Blob API) 【发布时间】:2021-07-08 10:09:53 【问题描述】:

我正在尝试使用 Azure rest api 放置一个 blob。我成功发出“GET”请求,但“PUT”请求出现问题。当我尝试发出“PUT”请求时,我收到 403 错误(服务器无法验证请求。确保 Authorization 标头的值正确形成,包括签名。)。我在***中看到过同样的帖子,但它对我没有帮助。有什么建议吗?

 string uri = string.Format("https://0.blob.core.windows.net/1/LibraryForm.png",                storageAccountName,containerName);
        Byte[] requestPayload =  File.ReadAllBytes(imagepath);
        using (var httpRequestMessage = new HttpRequestMessage(HttpMethod.Put, uri)
         Content = (requestPayload == null) ? null : new ByteArrayContent(requestPayload) )
        

            // Add the request headers for x-ms-date and x-ms-version.
            DateTime now = DateTime.UtcNow;
            httpRequestMessage.Headers.Add("x-ms-date", now.ToString("R", CultureInfo.InvariantCulture));
            httpRequestMessage.Headers.Add("x-ms-version", "2020-06-12");
            httpRequestMessage.Headers.Add("x-ms-blob-type", "BlockBlob");
            httpRequestMessage.Headers.Add("x-ms-blob-content-type", "image/png");

            // Add the authorization header.
            httpRequestMessage.Headers.Authorization = GetAuthorizationHeader(
               storageAccountName, storageAccountKey, now, httpRequestMessage);
            // Send the request.
            using (HttpResponseMessage httpResponseMessage = await new HttpClient().SendAsync(httpRequestMessage))
            
                if (httpResponseMessage.StatusCode == HttpStatusCode.OK)
                
                    var str = httpResponseMessage.Content.ReadAsStringAsync().Result;
                    return str;
                
            
        


      internal static AuthenticationHeaderValue GetAuthorizationHeader(string storageAccountName, string storageAccountKey, DateTime now,
    HttpRequestMessage httpRequestMessage, string ifMatch = "", string md5 = "")
    
        // This is the raw representation of the message signature.
        HttpMethod method = httpRequestMessage.Method;
        String MessageSignature = String.Format("0\n\n\n1\n5\n\n\n\n2\n\n\n\n34",
                  method.ToString(),
                  (method == HttpMethod.Get || method == HttpMethod.Head) ? String.Empty
                    : httpRequestMessage.Content.Headers.ContentLength.ToString(),
                  ifMatch,
                  GetCanonicalizedHeaders(httpRequestMessage),
                  GetCanonicalizedResource(httpRequestMessage.RequestUri, storageAccountName),
                  md5);

        // Now turn it into a byte array.
        byte[] SignatureBytes = Encoding.UTF8.GetBytes(MessageSignature);

        // Create the HMACSHA256 version of the storage key.
        HMACSHA256 SHA256 = new HMACSHA256(Convert.FromBase64String(storageAccountKey));

        // Compute the hash of the SignatureBytes and convert it to a base64 string.
        string signature = Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));

        // This is the actual header that will be added to the list of request headers.
        // You can stop the code here and look at the value of 'authHV' before it is returned.
        AuthenticationHeaderValue authHV = new AuthenticationHeaderValue("SharedKey",
            storageAccountName + ":" + Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes)));
        return authHV;
       
        
      private static string GetCanonicalizedHeaders(HttpRequestMessage httpRequestMessage)
    
        var headers = from kvp in httpRequestMessage.Headers
                      where kvp.Key.StartsWith("x-ms-", StringComparison.OrdinalIgnoreCase)
                      orderby kvp.Key
                      select new  Key = kvp.Key.ToLowerInvariant(), kvp.Value ;

        StringBuilder sb = new StringBuilder();

        // Create the string in the right format; this is what makes the headers "canonicalized" --
        //   it means put in a standard format. http://en.wikipedia.org/wiki/Canonicalization
        foreach (var kvp in headers)
        
            StringBuilder headerBuilder = new StringBuilder(kvp.Key);
            char separator = ':';

            // Get the value for each header, strip out \r\n if found, then append it with the key.
            foreach (string headerValues in kvp.Value)
            
                string trimmedValue = headerValues.TrimStart().Replace("\r\n", String.Empty);
                headerBuilder.Append(separator).Append(trimmedValue);

                // Set this to a comma; this will only be used
                //   if there are multiple values for one of the headers.
                separator = ',';
            
            sb.Append(headerBuilder.ToString()).Append("\n");
        
        return sb.ToString();
       
        
    private static string GetCanonicalizedResource(Uri address, string storageAccountName)
    
        StringBuilder sb = new StringBuilder("/").Append(storageAccountName).Append(address.AbsolutePath);

        // It will have more entries if you have more query parameters.
        NameValueCollection values = HttpUtility.ParseQueryString(address.Query);

        foreach (var item in values.AllKeys.OrderBy(k => k))
        
            sb.Append('\n').Append(item).Append(':').Append(values[item]);
        

        return sb.ToString().ToLower();

    

【问题讨论】:

两件事:1)为什么不使用Storage SDK? 2)查看错误响应的响应正文。您应该在其中看到 Azure 服务使用的要签名的字符串。将其与您的MessageSignature 进行比较。两者应该完全匹配。 【参考方案1】:

如果你想用rest API上传文件到Azure Blob,请参考傻瓜代码

我定义了一个类来获取 ShareKey

internal static class AzureStorageAuthenticationHelper
    
        
        internal static AuthenticationHeaderValue GetAuthorizationHeader(
           string storageAccountName, string storageAccountKey, DateTime now,
           HttpRequestMessage httpRequestMessage, string ifMatch = "", string md5 = "")
        
            // This is the raw representation of the message signature.
            HttpMethod method = httpRequestMessage.Method;
            String MessageSignature = String.Format("0\n\n\n1\n5\n\n\n\n2\n\n\n\n34",
                      method.ToString(),
                      (method == HttpMethod.Get || method == HttpMethod.Head) ? String.Empty
                        : httpRequestMessage.Content.Headers.ContentLength.ToString(),
                      ifMatch,
                      GetCanonicalizedHeaders(httpRequestMessage),
                      GetCanonicalizedResource(httpRequestMessage.RequestUri, storageAccountName),
                      md5);

            // Now turn it into a byte array.
            byte[] SignatureBytes = Encoding.UTF8.GetBytes(MessageSignature);

            // Create the HMACSHA256 version of the storage key.
            HMACSHA256 SHA256 = new HMACSHA256(Convert.FromBase64String(storageAccountKey));

            // Compute the hash of the SignatureBytes and convert it to a base64 string.
            string signature = Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes));

            // This is the actual header that will be added to the list of request headers.
            // You can stop the code here and look at the value of 'authHV' before it is returned.
            AuthenticationHeaderValue authHV = new AuthenticationHeaderValue("SharedKey",
                storageAccountName + ":" + Convert.ToBase64String(SHA256.ComputeHash(SignatureBytes)));
            return authHV;
        

        
        private static string GetCanonicalizedHeaders(HttpRequestMessage httpRequestMessage)
        
            var headers = from kvp in httpRequestMessage.Headers
                          where kvp.Key.StartsWith("x-ms-", StringComparison.OrdinalIgnoreCase)
                          orderby kvp.Key
                          select new  Key = kvp.Key.ToLowerInvariant(), kvp.Value ;

            StringBuilder sb = new StringBuilder();

            // Create the string in the right format; this is what makes the headers "canonicalized" --
            //   it means put in a standard format. http://en.wikipedia.org/wiki/Canonicalization
            foreach (var kvp in headers)
            
                StringBuilder headerBuilder = new StringBuilder(kvp.Key);
                char separator = ':';

                // Get the value for each header, strip out \r\n if found, then append it with the key.
                foreach (string headerValues in kvp.Value)
                
                    string trimmedValue = headerValues.TrimStart().Replace("\r\n", String.Empty);
                    headerBuilder.Append(separator).Append(trimmedValue);

                    // Set this to a comma; this will only be used 
                    //   if there are multiple values for one of the headers.
                    separator = ',';
                
                sb.Append(headerBuilder.ToString()).Append("\n");
            
            return sb.ToString();
        

      
        private static string GetCanonicalizedResource(Uri address, string storageAccountName)
        
            // The absolute path is "/" because for we're getting a list of containers.
            StringBuilder sb = new StringBuilder("/").Append(storageAccountName).Append(address.AbsolutePath);

            // Address.Query is the resource, such as "?comp=list".
            // This ends up with a NameValueCollection with 1 entry having key=comp, value=list.
            // It will have more entries if you have more query parameters.
            NameValueCollection values = HttpUtility.ParseQueryString(address.Query);

            foreach (var item in values.AllKeys.OrderBy(k => k))
            
                sb.Append('\n').Append(item).Append(':').Append(values[item]);
            

            return sb.ToString().ToLower();

        
    
    上传

                FileInfo fileInfo = new FileInfo("D:\\sampleData\\readsample.jpg");
                string blobName = fileInfo.Name;
                string contentType = MimeMapping.GetMimeMapping(blobName);
                DateTime now = DateTime.UtcNow;
                string blobURI = string.Format("https://0.blob.core.windows.net/1/2", StorageAccountName, "test", blobName);
                using (var httpRequestMessage = new HttpRequestMessage(HttpMethod.Put, blobURI))
                
                    httpRequestMessage.Headers.Add("x-ms-date", now.ToString("R", CultureInfo.InvariantCulture));
                    httpRequestMessage.Headers.Add("x-ms-version", "2020-06-12");
                    httpRequestMessage.Headers.Add("x-ms-blob-type", "BlockBlob");

                    httpRequestMessage.Headers.Add("x-ms-blob-content-type", contentType);
                    httpRequestMessage.Content = new StreamContent(fileInfo.OpenRead());
                    httpRequestMessage.Headers.Authorization = AzureStorageAuthenticationHelper.GetAuthorizationHeader(
                StorageAccountName, StorageAccountKey, now, httpRequestMessage);

                    // Send the request.
                    using (HttpResponseMessage httpResponseMessage = await new HttpClient().SendAsync(httpRequestMessage))
                    
                        // If successful (status code = 200), 
                        //   parse the XML response for the container names.
                        if (httpResponseMessage.StatusCode == HttpStatusCode.Created)
                        
                          
                        Console.WriteLine("OK");
                         

                        
                    
                

此外,使用 Azure SDK 实现上传进度是一种简单的方法。 azure sdk的使用方法请参考here。

【讨论】:

感谢您的解决方案,现在它正在工作,但现在我面临大小限制问题。有什么解决办法吗? @JitendraKumar 如果要上传大文件,需要使用put block:docs.microsoft.com/en-us/rest/api/storageservices/put-block在chuck中上传,然后使用put block list:docs.microsoft.com/en-us/rest/api/storageservices/…将所有块提交为blob @JitendraKumar 另外如果你想上传大文件,我建议你使用Azure SDK来做,很简单:docs.microsoft.com/en-us/dotnet/api/…

以上是关于Azure 存储休息 API(放置 Blob API)的主要内容,如果未能解决你的问题,请参考以下文章

我正在尝试在 azure synapse 中创建链接服务(休息),但我没有授权

向 Azure Blob 存储发出 GET 请求时授权失败 [REST API][Azure Blob 存储]

请求令牌时如何在 Azure 存储 Blob 中为 REST 请求指定范围? [AZURE-BLOB][REST API]

推送文档(blob)以进行索引 - Azure 搜索

Azure Blob PHP SDK - 直接从自定义多部分 API 请求上传到 Azure 存储

在 Azure 存储 [REST] [Azure Blob] 中对 PUT Blob 的 REST api 调用中的身份验证失败