将 Azure Blob 存储 REST api 与 https 结合使用

Question

我正在尝试针对 azure 存储 API 向不公开可见的帐户发出请求，并且需要对请求进行身份验证。

我试图关注此页面的标题： https://msdn.microsoft.com/en-us/library/azure/dd179428.aspx

我根本无法完成这项工作。我总是收到“ResourceNotFound”错误，我无法解释，因为我绝对没有输入错误的存储帐户或容器名称。我还使用相同的帐户、容器和密钥成功连接到 Power BI。

我唯一能想到的可能是签名的生成，我可能会迷失在编码中（我第一次做这样的事情）..但这并不能解释错误消息是“资源未找到”。这是请求（R）的代码：

#azure storage endpoint to hit against
account <- "myaccount"
container <- "mycontainer"
requestProperties <- "comp=list"
endPoint <- paste("https://", account, ".blob.core.windows.net/", sep = "")
endPoint
#[1] "https://myaccount.blob.core.windows.net/"


#date header
timeStamp <- Sys.time()
timeString <- format(timeStamp, format="%y-%m-%d %H:%M:%S", tz="GMT", usetz = TRUE)
timeString <- "Fri, 30 Sep 2016 14:54:30 GMT"
dateHeader <- paste("x-ms-date", timeString, sep = ":")
dateHeader
#[1] "x-ms-date:Fri, 30 Sep 2016 14:54:30 GMT"

#version header
versionHeader <- "x-ms-version:2015-02-21"

#authorization header
requestVerb <- "GET"
authType <- "SharedKey"
azureKey <- "myAccountKey"

newLines <- "\n\n\n\n\n\n\n\n\n\n"
canonicalizedHeaders <- paste(dateHeader,versionHeader, sep = "\n")

#build canonicalized resource
resourceAccount <- paste("/",account, sep = "")
resourceContainer <- paste ("/",container, sep = "")
resource <- paste(resourceAccount, resourceContainer, sep = " ")

canonicalizedResource <- paste(resource, requestProperties, sep = "\n")
canonicalizedResource
#[1] "/myaccount /mycontainer\ncomp=list"

#build authentication signed string
stringToSign <- paste(requestVerb, newLines, canonicalizedHeaders, canonicalizedResource, sep = "\n")
stringToSign <- enc2utf8(stringToSign)
stringToSign
#[1] "GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:Fri, 30 Sep 2016 14:54:30 GMT\nx-ms-version:2015-02-21\n/myaccount /mycontainer\ncomp=list"

Signature  <- digest::hmac(object = stringToSign, key = azureKey, algo = "sha256", serialize = FALSE)

#authentication header
authorization <- paste(account, Signature, sep = ":")
authorization
#[1] "myaccount:b4761595ea09d0e9d56223bd0a14233bca2b9fc3bb043031586215942f5c6d06"

authHeader <- paste("Authorization:", authType, authorization, sep = " ")
authHeader
#[1] "Authorization: SharedKey myaccount:b4761595ea09d0e9d56223bd0a14233bca2b9fc3bb043031586215942f5c6d06"


#build the actual request
request <- paste(endPoint, requestProperties, sep = "?")
request
#[1] "https://myaccount.blob.core.windows.net/?comp=list"

azureRequest <- httr::GET(request, httr::add_headers(dateHeader, versionHeader, authHeader))
responseContent <- httr::content(azureRequest, as = "text")
responseContent
#[1] "<?xml version=\"1.0\" encoding=\"utf-8\"?><Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.\nRequestId:b1e87500-0001-0003-6231-1b7598000000\nTime:2016-09-30T15:44:52.3452448Z</Message></Error>"

我在生成请求时是否遗漏了什么？我是否需要对我的帐户进行某些操作以允许通过 REST API 进行访问？

Answer 1

尝试使用 http://storageexplorer.com/ 工具访问 blob，看看是否可以访问 blob。

这是一个线程，提供了如何使用 SAS/帐户名称为 REST API 构造授权标头的示例代码。
Azure - call Storage rest api for list blobs

Answer 2

您是否有理由不使用为您执行此逻辑的存储 SDK。我们有所有主要语言的它们 - 请参阅此Getting Started 指南顶部的选项卡列表。或者，我们在 GitHub 上提供了这些库的所有源代码（例如 - 这里是 .NET source code），您可以在源代码中查看签名逻辑 - 查看 SharedAccessSignatureHelper 以获取 SAS 令牌 (here)。