当前位置: 文江博客话题详情

值不能为null。 (参数; sharedKeykeyCredential;)

发布于 2025-01-28 16:33:27 字数 903 浏览 4 评论 0原文

我们正在从V11迁移代码以使用Azure Storage V12客户端库(Azure.storage.blobs 12.12.0)。当我们尝试使用GeneratesAsuri()方法创建SAS URI时,请获取以下提到的例外。
异常:“值不能为null。(参数'sharedKeyCredential')””

this.blobContainerClient = new BlobContainerClient(
                new Uri($https://{storageAccountName}.blob.core.windows.net/{containerName}),
                new ManagedIdentityCredential(managedIdentityAppId));

var blobClient = blobContainerClient.GetBlobClient(blobName);

            BlobSasBuilder sasBuilder = new()
            {
                BlobContainerName = containerName,
                BlobName = blobName,
                Resource = "b", 
                StartsOn = DateTime.UtcNow.AddMinutes(-15),
                ExpiresOn = expirationTimeUtc
            };
            sasBuilder.SetPermissions(requestedPermission);            

            return blobClient.GenerateSasUri(sasBuilder);
原文

We are migrating the code to use azure storage v12 client libraries (Azure.Storage.Blobs 12.12.0) from V11. Getting the below mentioned exception when we try to create SAS Uri using GenerateSasUri() method.
Exception: "Value cannot be null. (Parameter 'sharedKeyCredential')"

this.blobContainerClient = new BlobContainerClient(
                new Uri($https://{storageAccountName}.blob.core.windows.net/{containerName}),
                new ManagedIdentityCredential(managedIdentityAppId));

var blobClient = blobContainerClient.GetBlobClient(blobName);

            BlobSasBuilder sasBuilder = new()
            {
                BlobContainerName = containerName,
                BlobName = blobName,
                Resource = "b", 
                StartsOn = DateTime.UtcNow.AddMinutes(-15),
                ExpiresOn = expirationTimeUtc
            };
            sasBuilder.SetPermissions(requestedPermission);            

            return blobClient.GenerateSasUri(sasBuilder);

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

古镇旧梦 2025-02-04 16:33:27

您还可以使用所谓的用户代表团键为广告验证(包含托管服务身份)用户创建SAS URI。

从这里阅读更多:
创建一个用户代表团SAS对于带有.NET的容器,目录或BLOB

示例代码(从上面的链接缩写):

var blobServiceClient = blobClient
    .GetParentBlobContainerClient()
    .GetParentBlobServiceClient();

var userDelegationKey = await blobServiceClient
    .GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7));

var sasBuilder = new BlobSasBuilder()
{
    BlobContainerName = blobClient.BlobContainerName,
    BlobName = blobClient.Name,
    Resource = "b",
    StartsOn = DateTimeOffset.UtcNow,
    ExpiresOn = DateTimeOffset.UtcNow.AddDays(7)
};

sasBuilder.SetPermissions(BlobSasPermissions.Read);

var blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
{
    Sas = sasBuilder.ToSasQueryParameters(
            userDelegationKey, 
            blobServiceClient.AccountName)
};

var uri = blobUriBuilder.ToUri();

请注意,用户代表键不能像共享键一样长。我认为UDK的最高持续时间是几天或几周的规模,而您可以使用几个月的SAS URL,并带有共享键。

You CAN create SAS Uris for AD authenticated (incl managed service identities) users as well, with what is called user delegation key.

Read more from here:
Create a user delegation SAS for a container, directory, or blob with .NET

Example code (abbreviated from the link above):

var blobServiceClient = blobClient
    .GetParentBlobContainerClient()
    .GetParentBlobServiceClient();

var userDelegationKey = await blobServiceClient
    .GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7));

var sasBuilder = new BlobSasBuilder()
{
    BlobContainerName = blobClient.BlobContainerName,
    BlobName = blobClient.Name,
    Resource = "b",
    StartsOn = DateTimeOffset.UtcNow,
    ExpiresOn = DateTimeOffset.UtcNow.AddDays(7)
};

sasBuilder.SetPermissions(BlobSasPermissions.Read);

var blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
{
    Sas = sasBuilder.ToSasQueryParameters(
            userDelegationKey, 
            blobServiceClient.AccountName)
};

var uri = blobUriBuilder.ToUri();

Note that user delegation keys cannot be as long-lived as shared keys. I think the max duration for UDK was in the scale of days or a few weeks, while you could use months for SAS urls with shared keys.

回复 原文
沙与沫 2025-02-04 16:33:27

托马斯指出了这一问题的原因。代码中最好处理的最好是检查您的blobclinet是否能够使用 cangenerate> cangeneratesasulate

this.blobContainerClient = new BlobContainerClient(
                new Uri($https://{storageAccountName}.blob.core.windows.net/{containerName}),
                new ManagedIdentityCredential(managedIdentityAppId));

var blobClient = blobContainerClient.GetBlobClient(blobName);

    // Check whether this BlobClient object has been authorized with Shared Key.
    if (blobClient.CanGenerateSasUri)
    {
        
            BlobSasBuilder sasBuilder = new()
            {
                BlobContainerName = containerName,
                BlobName = blobName,
                Resource = "b", 
                StartsOn = DateTime.UtcNow.AddMinutes(-15),
                ExpiresOn = expirationTimeUtc
            };
            sasBuilder.SetPermissions(requestedPermission);            

            return blobClient.GenerateSasUri(sasBuilder);
    }
    else
    {
        Console.WriteLine(@"BlobClient must be authorized with Shared Key 
                          credentials to create a service SAS.");
        return null;
    }

Thomas pointed out the cause for this issue. The best to handle in your code is to check whether your blobclinet can able to create the sas using CanGenerateSasUri

this.blobContainerClient = new BlobContainerClient(
                new Uri($https://{storageAccountName}.blob.core.windows.net/{containerName}),
                new ManagedIdentityCredential(managedIdentityAppId));

var blobClient = blobContainerClient.GetBlobClient(blobName);

    // Check whether this BlobClient object has been authorized with Shared Key.
    if (blobClient.CanGenerateSasUri)
    {
        
            BlobSasBuilder sasBuilder = new()
            {
                BlobContainerName = containerName,
                BlobName = blobName,
                Resource = "b", 
                StartsOn = DateTime.UtcNow.AddMinutes(-15),
                ExpiresOn = expirationTimeUtc
            };
            sasBuilder.SetPermissions(requestedPermission);            

            return blobClient.GenerateSasUri(sasBuilder);
    }
    else
    {
        Console.WriteLine(@"BlobClient must be authorized with Shared Key 
                          credentials to create a service SAS.");
        return null;
    }
回复 原文
~没有更多了~

关于作者

半葬歌

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

夢野间

文章 0 评论 0

百度③文鱼

文章 0 评论 0

小草泠泠

文章 0 评论 0

zhuwenyan

文章 0 评论 0

weirdo

文章 0 评论 0

坚持沉默

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文