如何找到共享访问令牌过期的bloburl?

azure azure-storage-blobs

688 观看

4回复

104 作者的声誉

我已经写了下面的代码来获取具有缓存到期令牌的blob url,实际上设置了2个小时来使blob url到期,

            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
           CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
                         CloudBlobContainer container = blobClient.GetContainerReference(containerName);
            CloudBlockBlob blockBlob = container.GetBlockBlobReference("blobname");
            //Create an ad-hoc Shared Access Policy with read permissions which will expire in 2 hours
            SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
            {
                Permissions = SharedAccessBlobPermissions.Read,
                SharedAccessExpiryTime = DateTime.UtcNow.AddHours(2),
            };

            SharedAccessBlobHeaders headers = new SharedAccessBlobHeaders()
            {
                ContentDisposition = string.Format("attachment;filename=\"{0}\"", "blobname"),
            };
            var sasToken = blockBlob.GetSharedAccessSignature(policy, headers);
            blobUrl = blockBlob.Uri.AbsoluteUri + sasToken;

使用上面的代码我得到带有效到期令牌的blob网址,现在我想检查blob网址是否在一个客户端应用程序中有效。我通过传递URL并获取响应状态代码来尝试Web请求和http客户端方法。如果响应代码是404,那么我假设URL已过期,如果URL仍然有效,但这种方法需要更多时间。

请以任何其他方式建议我。

作者: user3240560 的来源 发布者: 2015 年 4 月 7 日

回应 (4)


0

70354 作者的声誉

几天前我也遇到了同样的问题。我实际上期望存储服务在SAS令牌过期时返回403错误代码,但存储服务返回404错误。

鉴于我们没有任何其他选项,您执行此操作的方式是唯一可行的方法,但它仍然不正确,因为如果存储帐户中不存在blob,则可能会出现404错误。

作者: Gaurav Mantri 发布者: 07.04.2015 03:42

0

3298 作者的声誉

也许您可以从生成的SAS中解析“se”参数,这意味着到期时间,例如“se = 2013-04-30T02%3A23%3A26Z”。但是,由于服务器时间可能与客户端时间不同,因此解决方案可能不稳定。

http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/

作者: Zhaoxing Lu - Microsoft 发布者: 08.04.2015 08:10

1

690 作者的声誉

我尝试运行与你的代码非常相似的代码,我收到403错误,这实际上是在这种情况下的预期。根据您的问题,我不确定403是否比404更有帮助。以下是在控制台应用程序中运行的代码,返回403:

class Program
{
    static void Main(string[] args)
    {
        string blobUrl = CreateSAS();
        CheckSAS(blobUrl);

        Console.ReadLine();
    }

    //This method returns a reference to the blob with the SAS, and attempts to read it.
    static void CheckSAS(string blobUrl)
    {
        CloudBlockBlob blob = new CloudBlockBlob(new Uri(blobUrl));

        //If the DownloadText() method is run within the two minute period that the SAS is valid, it succeeds.
        //If it is run after the SAS has expired, it returns a 403 error.
        //Sleep for 3 minutes to trigger the error.
        System.Threading.Thread.Sleep(180000);
        Console.WriteLine(blob.DownloadText());
    }

    //This method creates the SAS on the blob.
    static string CreateSAS()
    {
        string containerName = "forum-test";
        string blobName = "blobname";
        string blobUrl = "";

        CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
        CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
        CloudBlobContainer container = blobClient.GetContainerReference(containerName);
        container.CreateIfNotExists();

        CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName + DateTime.Now.Ticks);
        blockBlob.UploadText("Blob for forum test");

        //Create an ad-hoc Shared Access Policy with read permissions which will expire in 2 hours
        SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
        {
            Permissions = SharedAccessBlobPermissions.Read,
            SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(2),
        };

        SharedAccessBlobHeaders headers = new SharedAccessBlobHeaders()
        {
            ContentDisposition = string.Format("attachment;filename=\"{0}\"", blobName),
        };
        var sasToken = blockBlob.GetSharedAccessSignature(policy, headers);
        blobUrl = blockBlob.Uri.AbsoluteUri + sasToken;

        return blobUrl;
    }
}

在某些情况下,SAS故障确实返回404,这可能会导致使用SAS进行故障排除操作时出现问题。Azure存储团队了解此问题,在将来的版本中,SAS故障可能会返回403。有关解决404错误的帮助,请参阅http://azure.microsoft.com/en-us/documentation/articles/storage-monitoring-diagnosing-troubleshooting/#SAS-authorization-issue

作者: Tamra Myers - Microsoft 发布者: 10.04.2015 10:53

0

1073 作者的声誉

您正在使用UTC时间SharedAccessExpiryTime(请参阅https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1#parameters-中的 “到期时间” - 共同账户 - sas-and-service-sas-tokens)。

然后,se在实际使用令牌之前,可以在客户端侧根据当前UTC时间检查其值的令牌中的到期时间。通过这种方式,您可以避免额外调用Blob存储,以确定令牌是否已过期。

作者: Amir Keibi 发布者: 01.11.2018 07:43
32x32