javascript – Azure存储服务REST API的授权
作者:互联网
我第一次打电话给Azure Storage REST API,一直困扰着我. Postman的回复显示,这是由于Azure身份验证中的错误,但我不知道问题是什么.
以下是发送Azure存储REST API的浏览器脚本:
function azureListContainers() {
var key = "key-copied-from-azure-storage-account";
var strTime = (new Date()).toUTCString();
var strToSign = 'GET\n\n\n\nx-ms-date:' + strTime + '\nx-ms-version:2015-12-11\n/myaccount/?comp=list';
var hash = CryptoJS.HmacSHA256(strToSign, key);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = "SharedKeyLite myaccount:"+hashInBase64;
console.log(strToSign);
console.log(auth);
console.log(strTime);
$.ajax({
type: "GET",
beforeSend: function (request)
{
request.setRequestHeader("Authorization", auth);
request.setRequestHeader("x-ms-date", strTime);
request.setRequestHeader("x-ms-version", "2015-12-11");
},
url: "https://myaccount.blob.core.windows.net/?comp=list",
processData: false,
success: function(msg) {
console.log(msg);
}
});
}
Chrome Developer Tool刚刚返回No’Access-Control-Allow-Origin’标题而没有其他原因,因此我复制了var auth和var strTime的内容,使用Postman工具创建了相同的请求:
[Command]
GET https://myaccount.blob.core.windows.net/?comp=list
[Headers]
Authorization:SharedKeyLite myaccount:Z9/kY/D+osJHHz3is+8yJRqhj09VUlr5n+PlePUa8Lk=
x-ms-date:Tue, 09 Aug 2016 10:30:49 GMT
x-ms-version:2015-12-11
[Response Body]
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:9be3d595-0001-0012-4929-f2fde2000000
Time:2016-08-09T10:31:52.6542965Z</Message>
<AuthenticationErrorDetail>The MAC signature found in the HTTP request 'Z9/kY/D+osJHHz3is+8yJRqhj09VUlr5n+PlePUa8Lk=' is not the same as any computed signature. Server used following string to sign: 'GET
x-ms-date:Tue, 09 Aug 2016 10:30:49 GMT
x-ms-version:2015-12-11
/myaccount/?comp=list'.</AuthenticationErrorDetail>
</Error>
在对两个字符串进行diff之后,我相信我的脚本中的var strToSign与用于签名的字符串Azure相同.但仍然存在身份验证错误.请帮助说明问题所在.
解决方法:
Chrome Developer Tool just returned No ‘Access-Control-Allow-Origin’ header
当您使用javascript直接从客户端向Azure存储服务器发送http请求时.这是一个常见的CORS问题.
当您遇到此问题时,可以使用enable the CORS for your storage services.简单来说,您可以利用Microsoft Azure Storage Explorer来配置存储.
AuthenticationFailed
我在我的测试项目中根据您的代码片段进行了两次修改,以使其工作.
> var hash = CryptoJS.HmacSHA256(strToSign,key);第二个参数应该是来自帐户密钥的base64解码,参见Azure Storage SDK for node.js
>在我的测试中,我必须使用SharedKey方案并使用SharedKey令牌进行身份验证以使您的方案正常工作.
这是我的测试代码片段,仅供参考.
var key = "key-copied-from-azure-storage-account";
var strTime = (new Date()).toUTCString();
var strToSign = 'GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:' + strTime + '\nx-ms-version:2015-12-11\n/<accountname>/\ncomp:list';
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = "SharedKey <accountname>:"+hashInBase64;
此外,出于安全原因,请在后端Web服务器中实施Azure存储服务.在客户端使用纯JavaScript时,会将您的帐户名和帐户密钥公开,这会增加您的数据和信息的风险.
标签:javascript,azure-storage 来源: https://codeday.me/bug/20190929/1834219.html