无法授权对 Azure 表服务的查询

Question

我正在尝试设置一个 API 来从 Azure 表存储中获取信息。我一直在关注文档 here 和 SO here 上的类似问题，但我无法让它工作。我收到 HTTP 403 错误 “服务器无法验证请求。确保 Authorization 标头的值正确形成，包括签名。”。这是代码。现在我只是尝试对 /Tables 资源进行基本查询以开始工作，但最终我将查询特定的 rowID。

const crypto = require("crypto");
const request = require('request-promise-native');
const yourStorageAccountName = 'XXXXXXXX';

let CanonicalizedResource = `${yourStorageAccountName}/Tables`;
let url = `https://${yourStorageAccountName}.table.core.windows.net/Tables`;

let now = new Date();
let nowUTC = now.toUTCString();

let stringToSign = `GET\n\n\n${nowUTC}\n${CanonicalizedResource}`;
let accesskey = `YYYYYYYY`;
let key = new Buffer(accesskey, "base64");
let hmac = crypto.createHmac("sha256", key);
hmac.update(stringToSign);
let sig = hmac.digest("base64");
console.log("SIGNATURE : " + sig);
console.log("nowutc : " + nowUTC);
let headers = {
        "Authorization": "SharedKey " + yourStorageAccountName + ":" + sig,
        "x-ms-date": nowUTC,
        "Date": nowUTC,
        "x-ms-version": "2015-12-11"
};

var response = request({
    url: url,
    method: 'GET',
    headers: headers
});

console.log(response);

Answer 1

根据我的测试，我们可以使用以下代码来创建共享密钥

const accesskey=""
    const storageAccount = ""
    const resource = "Tables"

    const data =  new Date(Date.UTC(2020, 1, 2, 3, 4, 5));
    const GMTTime = data.toUTCString()
    console.log(GMTTime)

    //Shared Key authorization
    const StringToSign= "GET"+"\n"
                           +"\n"
                           +"\n"
                           + GMTTime +"\n"
                           +"/"+ storageAccount+"/"+resource

    const Sig = crypto.createHmac('sha256', Buffer.from(accesskey, 'base64')).update(StringToSign, 'utf8').digest('base64');
    console.log(Sig)

    //Shared Key Lite authorization
    const stringToSign = GMTTime +"\n"+"/"+ storageAccount+"/"+resource
    const sig = crypto.createHmac('sha256', Buffer.from(accesskey, 'base64')).update(stringToSign, 'utf8').digest('base64');
    console.log(sig)

测试(Query tables) 1. 共享密钥授权

GET https://myaccount.table.core.windows.net/Tables
Headers
       Authorization : SharedKey <account name>:kHl5K0AzsG7M32***AoxmCFY=
       x-ms-date : <the data you use to create share key>
       Accept : application/json;odata=nometadata
       x-ms-version : 2017-04-17

1. Shared Key Lite 授权

GET https://myaccount.table.core.windows.net/Tables
Headers
       Authorization : SharedKeyLite <account name>:0fADhBTi7tvtm***h69Y433c=
       x-ms-date : <the data you use to create share key>
       Accept : application/json;odata=nometadata
       x-ms-version : 2017-04-17

另外，如果要使用Azure Table nodejs sdk azure-storage，请参考document和sample

1. 安装 SDK

npm install azure-storage

1. 代码

var azure=require('azure-storage')
async function main() {
    const accesskey=""
    const storageAccount = ""
    var tableService=azure.createTableService(storageAccount,accesskey);
    tableService.listTablesSegmented(null,function(error,result){

        if(error){
           console.log(error)

        }else{

            for (var i = 0, table; table = result.entries[i]; i++) {
                console.log(table)
            }

        }

    })
  }

  // An async method returns a Promise object, which is compatible with then().catch() coding style.
  main()
    .then(() => {
      console.log("Successfully executed the sample.");
    })
    .catch((err) => {
      console.log(err.message);
    });