【Question title】: Checking existence of container with SAS token
【Posted】: 2018-12-13 18:24:07
【Question】:

I am using a SAS token to initialize a CloudBlobContainer, as shown below.

  CloudBlobContainer blobContainer = new CloudBlobContainer(new Uri(sasToken));

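Now the initialization with sasToken succeeds, but when I use blobContainer.Exists() I get a 403 Forbidden exception.

Is there a way to check the validity of the token?

Currently I am trying to add data to the container. If it throws an exception, I assume it is a wrong SAS URL.

I only have write permission on the container.

Thanks.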

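【Comments on the question】:

  • You are already doing the right thing. Since the SAS only has Write permission, you can only validate it by writing.

Tags: azure-storage azure-blob-storage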


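【Solution 1】:

Now the initialization with sasToken succeeds, but when I use blobContainer.Exists() I get a 403 Forbidden exception. Is there a way to check the validity of the token?

blobContainer.Exists() requires read permission. And only an Account SAS can operate at the container service level. A Service SAS does not have this permission. You can read this link.

I created two simple demos in which the SAS token includes write and read permissions. It works fine. You can refer to my code:

For the Service SAS, I set write and read permissions on the container. But you do not have permission to get the result of blobContainer.Exists():

Console code: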

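using System;
using Microsoft.Azure; // CloudConfigurationManager
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Blob;

class Program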
{
    static CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
    static void Main(string[] args)
    {
        CloudBlobClient client = storageAccount.CreateCloudBlobClient();
        var container = client.GetContainerReference("orders");
        string sasUri = GetContainerSasUri(container, null);  //create SAS for container by using storage account
        Console.WriteLine("SAS uri:" + sasUri);
        string containerSas = sasUri;
        UseContainerSAS(containerSas);
    }
    static void UseContainerSAS(string sas)
    {
        //Try performing container operations with the SAS provided.
        //Return a reference to the container using only the SAS URI (no account key).
        CloudBlobContainer container = new CloudBlobContainer(new Uri(sas));
        //1. test Read permissions
        try
        {
            bool b = container.Exists();
            Console.WriteLine("container exists: " + b);
        }catch(StorageException e)
        {
            Console.WriteLine("Read permission in Container: " + e.Message);
        }
        CloudBlockBlob blockBlob = container.GetBlockBlobReference("peter.txt"); //blob named peter.txt
        //2. test Write permission
        try
        {
            CloudBlockBlob blockBlobWrite = container.GetBlockBlobReference("peter.txt");
            // Upload a local file to the blob: uploading is the operation that needs Write
            // permission (DownloadToStream would only exercise Read).
            using (var fileStream = System.IO.File.OpenRead(@"D:\log.txt"))
            {
                blockBlobWrite.UploadFromStream(fileStream);
                Console.WriteLine("Write content to blob successfully");
            }
        }
        catch (StorageException e)
        {
            Console.WriteLine("Write permission: " + e.Message);
        }
        //3. test Delete permission
        try
        {
            blockBlob.Delete();
            Console.WriteLine("Delete blob successfully.");
        }
        catch (StorageException e)
        {
            Console.WriteLine("Delete permission:" + e.Message);
        }
        Console.WriteLine();
    }
    //The method to create sas token for container
    private static string GetContainerSasUri(CloudBlobContainer container, string storedPolicyName = null)
    {
        string sasContainerToken;

        // If no stored policy is specified, create a new access policy and define its constraints.
        if (storedPolicyName == null)
        {              
            SharedAccessBlobPolicy adHocPolicy = new SharedAccessBlobPolicy()
            {
                SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(24), //set 24min
                //set permissions for container
                Permissions = SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Read
            };
            // Generate the shared access signature on the container, setting the constraints directly on the signature.
            sasContainerToken = container.GetSharedAccessSignature(adHocPolicy, null);
            Console.WriteLine("SAS for blob container (ad hoc): {0}", sasContainerToken);
            Console.WriteLine();
        }
        else
        {
            sasContainerToken = container.GetSharedAccessSignature(null, storedPolicyName);
            Console.WriteLine("SAS for blob container (stored access policy): {0}", sasContainerToken);
            Console.WriteLine();
        }
        // Return the URI string for the container, including the SAS token.
        return container.Uri + sasContainerToken;
    }
}

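Result for the Service SAS:

With an Account SAS, you have permission to get the result of container.Exists().

Get the Account SAS: Azure portal > Storage account > Settings > SAS > select read and write permissions > Generate SAS > copy the Blob service SAS URL.

Code in the console: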

string accountSasToken = "blob service SAS url";
StorageCredentials accountSAS = new StorageCredentials(accountSasToken);
CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, "storage account name", endpointSuffix: null, useHttps: true);
CloudBlobClient client = accountWithSAS.CreateCloudBlobClient();
CloudBlobContainer container = client.GetContainerReference("orders");
try
{
    bool b = container.Exists();
    Console.WriteLine("container exists: " + b);
}
catch (StorageException e)
{
    Console.WriteLine("Read permission in Container: " + e.Message);
}
try
{
    CloudBlockBlob blockBlobWrite = container.GetBlockBlobReference("peter.txt");
    // Upload a local file to the blob: uploading is the operation that needs Write
    // permission (DownloadToStream would only exercise Read).
    using (var fileStream = System.IO.File.OpenRead(@"D:\log.txt"))
    {
        blockBlobWrite.UploadFromStream(fileStream);
        Console.WriteLine("Write content to blob successfully");
    }
}
catch (StorageException e)
{
    Console.WriteLine("Write permission: " + e.Message);
}

Result for the Account SAS:

【Comments】:
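
A local pre-flight check for the situation discussed above, as an added example that is not part of the original question or answer: it reads the SAS URL's query parameters to report whether the token is a service or an account SAS, whether the needed permission letter is in `sp`, and whether `se` has passed. The class name `SasPreflight`, the sample URL and its placeholder signature are constructed for illustration; an empty problem list does not prove the signature is valid, which only a request to the storage service can show.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

static class SasPreflight
{
    // Split the SAS URL's query string into its parameters (sv, sp, se, sr, srt, si, sig, ...).
    static Dictionary<string, string> ParseQuery(Uri sasUri)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string pair in sasUri.Query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = pair.IndexOf('=');
            if (eq > 0) result[pair.Substring(0, eq)] = Uri.UnescapeDataString(pair.Substring(eq + 1));
        }
        return result;
    }

    // Local findings only: the signature itself can be verified by the storage service alone.
    public static List<string> Inspect(string sasUrl, char neededPermission, DateTime utcNow)
    {
        var findings = new List<string>();
        var q = ParseQuery(new Uri(sasUrl));
        if (!q.ContainsKey("sig")) findings.Add("no 'sig' parameter: this is not a SAS URL");
        // srt (with ss) appears only on an account SAS; sr (c = container, b = blob) marks a service SAS.
        findings.Add(q.ContainsKey("srt") ? "account SAS (srt=" + q["srt"] + ")"
                   : q.ContainsKey("sr") ? "service SAS (sr=" + q["sr"] + ")" : "unknown SAS kind");
        string perms, expiry;
        DateTime end;
        if (q.TryGetValue("sp", out perms))
        {
            if (perms.IndexOf(neededPermission) < 0)
                findings.Add("permission '" + neededPermission + "' is not in sp=" + perms);
        }
        else if (q.ContainsKey("si"))
            findings.Add("permissions come from stored access policy '" + q["si"] + "'; cannot be checked locally");
        if (q.TryGetValue("se", out expiry) && DateTime.TryParse(expiry, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out end) && end <= utcNow)
            findings.Add("token expired at " + end.ToString("u"));
        return findings;
    }

    static void Main()
    {
        // Constructed sample: write-only service SAS on container "orders", placeholder signature.
        string url = "https://example.blob.core.windows.net/orders?sv=2018-03-28&sr=c&sp=w&se=2018-12-13T18%3A48%3A07Z&sig=PLACEHOLDER";
        foreach (string finding in Inspect(url, 'r', new DateTime(2018, 12, 13, 18, 30, 0, DateTimeKind.Utc)))
            Console.WriteLine(finding);
    }
}
```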
