我正在尝试使用API管理策略获取表实体。所以我在那里生成共享访问签名,但403 Forbidden已响应。
APIM政策(C#)
<set-variable name="presentTime" value="@( (DateTime.UtcNow).ToString("ddd, dd MMM yyyy hh:mm:ss ") + "GMT" )" />
<set-variable name="getTableEntityToken" value="@{
var storage_account = "XXXXXX";
var table = "XXXXXXXX";
var access_key = "XXXXXXXXXXXXXXXXXXXXXXXXXX";
var canonicalized_headers = "\n/" + storage_account + "/" + table;
string[] stringToSignArray = {
// VERB
"GET",
// Content-MD5
"",
// Content-Type
"",
// Date
context.Variables.GetValueOrDefault<string>("presentTime"),
};
string stringToSign = String.Join("\n", stringToSignArray) + canonicalized_headers;
using (var encoder = new HMACSH256(Convert.FromBase64String(access_key))) {
var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
var signature = Convert.ToBase64String(hash);
return signature;
}
}" />
<set-header name="Authorization" exists-action="override">
<value>@( "SharedKey " + "XXXXXXX:" + context.Variables.GetValueOrDefault<string>("getTableEntityToken") )</value>
</set-header>
<set-header name="x-ms-date" exists-action="override">
<value>@( context.Variables.GetValueOrDefault<string>("presentTime") )</value>
</set-header>
<set-header name="x-ms-version" exists-action="override">
<value>2015-12-11</value>
</set-header>
<set-header name="Accept" exists-action="override">
<value>application/json;odata=nometadata</value>
</set-header>
响应
{
"odata.error": {
"code": "AuthenticationFailed",
"message": {
"lang": "en-US",
"value": "Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:21877d9e-a002-0022-0dea-bc7d70000000\nTime:2018-03-16T05:50:10.3226402Z"
}
}
}
但是,我已经确认下面的php代码可以获得表实体。
PHP代码
$account = "XXXXXX";
$tablestoragename = "XXXXXXX";
$accessKey = "XXXXXXXXX";
$date = gmdate('D, d M Y H:i:s T',time());
$api_version = "2015-12-11";
$url = "https://$account.table.core.windows.net/$tablestoragename";
$method = "GET";
$accept = "application/json;odata=nometadata";
$stringToSign = [
// VERB
$method,
// Content-MD5
'',
// Content-Type
'',
// Date
$date,
];
$stringToSign = array_merge($stringToSign, ["/$account/$tablestoragename"]);
$stringToSign = implode("\n", $stringToSign);
$signature = base64_encode(hash_hmac('sha256', $stringToSign, base64_decode($accessKey), true));
$headers = [
"x-ms-date:{$date}",
"x-ms-version:$api_version",
"Authorization:SharedKey $account:{$signature}",
"Accept:$accept",
];
$ch = curl_init();
$options = array(
CURLOPT_URL => $url,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_CUSTOMREQUEST => $method,
CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_RETURNTRANSFER => TRUE,
);
$proxy_options = array(
CURLOPT_PROXY => 'http://XXXXXXXXXX',
CURLOPT_PROXYPORT => 'XXXX',
);
curl_setopt_array($ch, $proxy_options);
curl_setopt_array($ch, $options);
$response = curl_exec($ch);
var_dump($response);
echo curl_error($ch);
curl_close($ch);
所以似乎我无法将上面的PHP代码转换为c#。如果您有任何意见,请帮助我。
答案 0 :(得分:0)
请更改此行代码:
using (var encoder = new HMACSHA512(Encoding.UTF8.GetBytes(access_key)))
到
using (var encoder = new HMACSHA512(Convert.FromBase64String(access_key)))
这应该可以解决问题。
<强>更新
您在错误的地方进行了更改。请参阅以下正确的代码:
using (var encoder = new HMACSHA512(Convert.FromBase64String(access_key))) {
var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
var signature = Convert.ToBase64String(hash);
return signature;
}