当前位置: 文江博客话题详情

Azure Blob存储BLOB从Azure Active Directory(Azure AD)身份验证访问

发布于 2025-01-27 22:11:31 字数 2108 浏览 3 评论 0原文 

 ClientSecretCredential clientSecret = new ClientSecretCredentialBuilder()
          .clientId("********-****-****-****-************").tenantId(
          "********-****-****-****-************")
          .clientSecret("*****~***************************~******").build();
        
        BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
                .credential(clientSecret)
                .endpoint("https://sambhutestsa.blob.core.windows.net/")
                .buildClient();
        
        
            
        BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient("testcontainer");
        
        
        System.out.printf("Identifier for the snapshot is %s%n", blobContainerClient.getBlobClient("2824891.jpg").downloadToFile("C:\\Users\\ss255248\\2824891.jpg");

但是遇到这个错误可以在这里提供帮助。

Exception in thread "main" com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:d813ea5f-d01e-004d-7b0f-656de3000000
Time:2022-05-11T08:13:50.0902556Z</Message></Error>
原文 
 ClientSecretCredential clientSecret = new ClientSecretCredentialBuilder()
          .clientId("********-****-****-****-************").tenantId(
          "********-****-****-****-************")
          .clientSecret("*****~***************************~******").build();
        
        BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
                .credential(clientSecret)
                .endpoint("https://sambhutestsa.blob.core.windows.net/")
                .buildClient();
        
        
            
        BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient("testcontainer");
        
        
        System.out.printf("Identifier for the snapshot is %s%n", blobContainerClient.getBlobClient("2824891.jpg").downloadToFile("C:\\Users\\ss255248\\2824891.jpg");

but getting this error can someone please help here.

Exception in thread "main" com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:d813ea5f-d01e-004d-7b0f-656de3000000
Time:2022-05-11T08:13:50.0902556Z</Message></Error>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

指尖微凉心微凉 2025-02-03 22:11:31

要解决错误,请尝试以下操作:

确保您是否具有以下角色分配给安全局的

如果没有,请确保 分配 如下所示:

转到Azure Portal - &gt;识别所需范围(订阅/资源组) - &gt;访问控制(IAM) - &GT;添加角色分配

”在此处输入图像描述

  • 检查您的应用程序是否以下 api permissions

”

有关更多信息,请参阅/strong> this msdoc

  • 否则,尝试将时区设置为 utc-0
  • 尝试将 comp = list&amp; restype =容器 作为解决方法。
  • 利用此 so thread

有关更多详细信息,请请参阅下面的链接链接:

Azure应用程序服务拒绝了403错误的存储帐户 - 堆栈溢出

[已解决] azure共享访问签名 - 签名不匹配 - 本地编码器

To resolve the error, please try the following:

Make sure whether you have below roles assigned to your security principal:

If not, make sure to assign it like below:

Go to Azure Portal ->Identify the required scope (Subscription/Resource group) -> Access Control (IAM) -> Add Role assignment

enter image description here

  • Check whether your application has below API permissions:

Image2

For more information, please refer this MsDoc:

  • Otherwise, try setting the time zone to UTC-0 .
  • Try adding comp=list&restype=container to your SAS URL as a workaround.
  • Make use of the snippet suggested in this SO thread.

For more in detail, please refer below link:

Azure App Service rejected with 403 error by Storage Account - Stack Overflow

[Solved] Azure Shared Access Signature - Signature did not match - Local Coder

回复 原文
~没有更多了~

关于作者

真心难拥有

暂无简介

文章
评论
29 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

诺曦

文章 0 评论 0

要走干脆点

文章 0 评论 0

把回忆走一遍

文章 0 评论 0

陌上青苔

文章 0 评论 0

Arthur

文章 0 评论 0

哄哄

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文