使用 ASP.NET 在 Windows Azure blob 存储上设置 CORS

Question

我正在尝试在我的 Windows Azure blob 存储帐户上设置 CORS 属性。我正在使用 ASP.NET 服务器发送 PUT 请求。

服务器正在发回一个 Forbidden 响应，说“服务器无法验证请求。确保 Authorization 标头的值正确形成，包括签名。”

所以它一定是我的身份验证标头中的某些内容。这是我用来获取标题的两个函数。

public string GetWindowsAzureAuthenticationHeader(string verb)
{
    string stringToSign = String.Format("{0}\n"
                                        + "\n" // content encoding
                                        + "\n" // content language
                                        + "\n" // content length
                                        + "\n" // content md5
                                        + "\n" // content type
                                        + "\n" // date
                                        + "\n" // if modified since
                                        + "\n" // if match
                                        + "\n" // if none match
                                        + "\n" // if unmodified since
                                        + "\n" // range
                                        + "x-ms-date:" + DateTime.UtcNow.ToString("R") + "\nx-ms-version:2013-08-15\n" // headers
                                        + "/{1}\ncomp:properties\nrestype:service", verb, CloudConfig.StorageAccountName);

    return SignThis(stringToSign, CloudConfig.StorageAccountKey, CloudConfig.StorageAccountName);
}

private string SignThis(string stringToSign, string key, string account)
{
    string signature;
    var unicodeKey = Convert.FromBase64String(key);
    using (var hmacSha256 = new HMACSHA256(unicodeKey))
    {
        var dataToHmac = Encoding.UTF8.GetBytes(stringToSign);
        signature = Convert.ToBase64String(hmacSha256.ComputeHash(dataToHmac));
    }

    String authorizationHeader = String.Format(
        CultureInfo.InvariantCulture,
        "{0} {1}:{2}",
        "SharedKey",
        account,
        signature);

    return authorizationHeader;
}

这是发送请求的控制器操作。 _mediaFactory.GetWindowsAzureCors 方法通过我的 CORS 请求返回 XML 文件的内容。

var content = Encoding.UTF8.GetBytes(_mediaFactory.GetWindowsAzureCors(ControllerContext.HttpContext.Server));
var request = (HttpWebRequest)WebRequest.Create(CloudConfig.StorageAccountUri);

request.Method = "PUT";
request.Headers.Add("x-ms-date", DateTime.UtcNow.ToString("R"));
request.Headers.Add("x-ms-version", "2013-08-15");
request.ContentType = "text/plain; charset=UTF-8";
request.Host = string.Format("{0}.blob.core.windows.net", CloudConfig.StorageAccountName);
request.Headers.Add("Authorization", _mediaFactory.GetWindowsAzureAuthenticationHeader(request.Method));

request.GetRequestStream().Write(content, 0, content.Length);
using (var response = (HttpWebResponse) request.GetResponse())
{
    model.StatusCode = response.StatusCode;
    model.Response = response.StatusDescription;
}

我做错了什么？

Answer 1

其实很简单。

首先，在项目中添加对 Azure 存储客户端库的引用。如果您使用的是 Nuget，您要安装的软件包是 WindowsAzure.Storage。

之后，设置 CORS 设置的函数是SetServiceProperties。这是执行此操作的示例代码：

            CloudStorageAccount storageAccount = new CloudStorageAccount(new Microsoft.WindowsAzure.Storage.Auth.StorageCredentials(accountName, accountKey), true);
            var blobClient = storageAccount.CreateCloudBlobClient();
            ServiceProperties blobServiceProperties = new ServiceProperties();
            blobServiceProperties.Cors.CorsRules.Add(new CorsRule(){
                AllowedHeaders = new List<string>() {"*"},
                ExposedHeaders = new List<string>() {"*"},
                AllowedMethods = CorsHttpMethods.Post | CorsHttpMethods.Put | ... Other Allowed Methods,
                AllowedOrigins = new List<string>() {"http://yourdomain.com", "https://yourdomain.com", "blah", "blah", "blah"},
                MaxAgeInSeconds = 3600,
            });
            blobClient.SetServiceProperties(blobServiceProperties);