{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Rolldiameter 的问题《Windows Azure Shared Access Signature always gives》','https://www.manongdao.com/q-835516.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to get a shared access signature for a single blob and then download the blob using the REST api. However, I always get a forbidden 403 error message. Both on storage emulator and the cloud. Here is my code:
CloudStorageAccount storageAccount = CloudStorageAccount.Parse("myConnectionStringHere...");
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("containerName");
CloudBlob blob = container.GetBlobReference("blobName");
string sasToken = blob.GetSharedAccessSignature(new SharedAccessPolicy()
{
Permissions = SharedAccessPermission.Read,
SharedAccessExpiryTime = DateTime.UtcNow + TimeSpan.FromHours(24)
}
);
string completeUri = string.Format(CultureInfo.InvariantCulture, "{0}{1}", blob.Uri, sasToken);
// now use the uri to make the rest call and download
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(completeUri);
request.Method = "GET";
using (HttpWebResponse resp = (HttpWebResponse)request.GetResponse())
{
using (Stream s = resp.GetResponseStream())
{
using (FileStream fs = new FileStream("test.jpg", FileMode.Create, FileAccess.Write))
{
byte[] buffer = new byte[8 * 1024];
int len;
while ((len = s.Read(buffer, 0, buffer.Length)) > 0)
{
fs.Write(buffer, 0, len);
}
}
}
}
I keep getting the 403 error when invoking GetResponse. Any help appreciated!
EDIT: forgot to mention: I am using the latest azure sdk (2.0)
EDIT 2: I experimented a lot and found a tool called Azure Management Studio. This tool is able to create an SAS token. I did that, and used it with my REST call code. This worked just fine, so the error has to be inside the token creation code I have written. However, the format of the sas string is exactly the same. I don't know what else to try out
A few things I noticed:
Microsoft.WindowsAzure.StorageClientorMicrosoft.WindowsAzure.Storage. If it is former, then you're using old library.AuthenticationErrorDetailnode:Can you try by creating a SAS token which is valid for less than 1 hour? E.g.
If you continue to want to use the older storage client library, you have a few choices:
If you use the new storage client library, you would be able to define longer duration token without using a container access policy. However there are a lot of differences between the two versions of the library and migration from older to newer version is not trivial. I wrote a blog post some days ago about migrating code from older version to newer version. You can read it here: http://gauravmantri.com/tag/storage-client-library/. Lastly, I wrote a blog post on SAS, which you can read here: http://gauravmantri.com/2013/02/13/revisiting-windows-azure-shared-access-signature/.