如何使用 C# REST API 查找和删除 Azure 存储容器？

Question

这是我查找存储容器的代码：

var api = $"https://{storageAccountName}.blob.core.windows.net/?comp=list";
using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken); //token obtained from https://storage.azure.com/
    client.BaseAddress = new Uri($"https://{storageAccountName}.blob.core.windows.net/");
    using (var responseGet = client.GetAsync(api).Result)
    {
        if (responseGet.IsSuccessStatusCode)
        {
            var xmlDocument = new XmlDocument();
            xmlDocument.LoadXml(responseGet.Content.ReadAsStringAsync().Result);
            foreach (XmlNode a in xmlDocument.DocumentElement.SelectNodes("Containers/Container"))
            {
                containerNameList.Add(a.SelectSingleNode("Name").FirstChild.Value);
            }
        }
    }
}

我遇到了一个错误：

`StatusCode: 403, ReasonPhrase: '服务器未能验证 要求。确保 Authorization 标头的值已形成 正确包括签名。'，版本：1.1，内容：

System.Net.Http.HttpConnection+HttpConnectionResponseContent, Headers:
{
  Server: Windows-Azure-Blob/1.0
  Server: Microsoft-HTTPAPI/2.0
  x-ms-request-id: 9d70d7ff-901e-0096-4c5b-aec38d000000
  Date: Mon, 09 Dec 2019 06:38:16 GMT
  Content-Length: 438
  Content-Type: application/xml
}`

我从https://storage.azure.com/获得了访问令牌

这是删除存储容器的代码：

var strApi = $"https://{storageAccountName}.blob.core.windows.net/{storageContainerName}?restype=container";
using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken);
    client.BaseAddress = new Uri(BaseManagementUri);
    using (var responseGet = client.DeleteAsync(strApi).Result)
    {
        if (responseGet.IsSuccessStatusCode)
        {
            log.LogInformation($"Deleted {storageAccountName}");
        }
        else
        {
            log.LogWarning($"Failed to deleted {storageAccountName}\n{responseGet.Content.ReadAsByteArrayAsync().Result}");
        }
    }
}

如何获取正确的访问令牌以及上述操作所需的所有标头？

Answer 1

根据我的研究，我们可以使用 Azure Active Directory (AD) 来授权对 Blob 存储的请求。更多详情请参考document

详细步骤如下。

1. 创建服务主体并将Storage Blob Data Contributor 角色分配给sp。您可以参考article 以了解有关如何操作的更多详细信息。

az ad sp create-for-rbac --name "" --scope <"/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>"> --role "Storage Blob Data Contributor"

1. Get Azure AD access token

URL : https://login.microsoftonline.com/{tenant}/v2.0/token
Method : POST
Headers : Content-Type: application/x-www-form-urlencoded
Body :
       "grant_type" : "client_credentials"
       "scope" : "https://storage.azure.com/.default"
       "client_id" : "<your sp app id>"
       "client_secret" : "<your sp password>"

1. 调用 Azure Blob rest api
   • 列出容器

URL: https://myaccount.blob.core.windows.net/?comp=list
Method: Get
Headers:
         x-ms-version : 2019-02-02
         Authorization: Bearer <access token>

• 删除容器

URL: https://myaccount.blob.core.windows.net/mycontainer?restype=container  
Method : DELETE
Headers:
         x-ms-version : 2019-02-02
         Authorization: Bearer <access token>

此外，如果您想使用 Azure MSI 执行此操作，请参阅 blog

---

更新

关于如何在Azure函数中使用MSI调用Azure storage rest api，请参考以下步骤。 1.Adding a system-assigned identity

1. 将存储 Blob 数据参与者角色分配给 MSI

2. 代码

using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using System.Xml.Linq;
using Microsoft.Azure.Services.AppAuthentication;
using RestSharp;
using System.Text;

namespace TestFunV2
{
    public static class Function1
    {
        [FunctionName("Function1")]
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            var tokenProvider = new AzureServiceTokenProvider();
            var accesstoken = await tokenProvider.GetAccessTokenAsync("https://storage.azure.com/");

            var client = new RestClient("https://hurystorage.blob.core.windows.net/?comp=list");
            var request = new RestRequest(Method.GET);

            request.AddHeader("Authorization", "Bearer " + accesstoken);
            request.AddHeader("x-ms-version", "2019-02-02");
            IRestResponse response = await client.ExecuteTaskAsync(request);

            if (response.IsSuccessful) {
                var xmlstring = response.Content;
                string _byteOrderMarkUtf8 = Encoding.UTF8.GetString(Encoding.UTF8.GetPreamble());
                if (xmlstring.StartsWith(_byteOrderMarkUtf8))
                {
                    xmlstring = xmlstring.Remove(0, _byteOrderMarkUtf8.Length);
                }
                XElement x = XElement.Parse(xmlstring);
                foreach (XElement container in x.Element("Containers").Elements("Container"))
                {
                    log.LogInformation("Container name = {0}", container.Element("Name").Value);

                }
                return (ActionResult)new OkObjectResult("ok");
            }
            return new BadRequestObjectResult("failure");


        }
    }
}

Answer 2

也许这个视频对你有帮助，它是如何删除一个或所有容器，使用前缀搜索并删除，你可以下载描述中的代码。

 foreach (var container in blobClient.ListContainers("PREFIJO_A_COINCIDIR")) // Por cada contenedor en la lista con búsqueda "Prejifo_a_coincidir" hace lo siguiente
            {
                await Task.Delay(500);
                if (container.Properties.LeaseState == LeaseState.Leased)
                {
                    await container.BreakLeaseAsync(null);
                }
                await container.DeleteAsync();
                await Task.Delay(500);
               
            }

enter code here

您可以将 texbox 绑定到前缀并创建特殊搜索。

https://www.youtube.com/watch?v=sUwLZ1FP2Qk

Link video