doujianqin5172 2017-08-17 21:35
浏览 276
已采纳

为什么我的Azure SAS令牌签名不匹配?

This is the error returned when I try to access a blob in storage:

Code: AuthenticationFailed Message: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. AuthenticationErrorDetail: Signature did not match. String to sign used was xxstorageaccount rwdlac b sco 2017-08-17T21:29:24Z 2017-08-17T21:34:24Z https 2017-04-17

Here's my code:

$storageAccount = config('azure.storage.account');

$start = new \DateTime();     
$end = (new \DateTime())->modify('+5 minutes');
$start = $start->format('Y-m-d\TH:i:s\Z');
$end = $end->format('Y-m-d\TH:i:s\Z');

$toSign = $storageAccount . "
";
$toSign .= "rwdlac" . "
";
$toSign .= "b" . "
";
$toSign .= "sco" . "
";
$toSign .= $start . "
";
$toSign .= $end . "
"; 
$toSign .= "
";
$toSign .= "https" . "
";
$toSign .= "2017-04-17" . "
";

$signature = rawurlencode(base64_encode(hash_hmac('sha256', $toSign, $sasKeyValue, TRUE))); 
$token = "?sv=2017-04-17&ss=b&srt=sco&sp=rwdlac&se=" . $end . "&st=" . $start . "&spr=https&sig=" . $signature;

return $uri . $token;
  • 写回答

1条回答 默认 最新

  • dst67283 2017-08-18 07:30
    关注

    You could do 2 things to avoid this error.

    1. Convert start and end time to GMT time via setTimezone() function or consider using the gmdate function instead.

    2. Decode base64 account key through base64_decode() function.

    Please change your code like the following:

    $storageAccount = config('azure.storage.account');
    
    $start = (new \DateTime())->setTimezone(new DateTimeZone('GMT'));     
    $end = (new \DateTime())->setTimezone(new DateTimeZone('GMT'))->modify('+5 minutes');
    $start = $start->format('Y-m-d\TH:i:s\Z');
    $end = $end->format('Y-m-d\TH:i:s\Z');
    
    $toSign = $storageAccount . "
    ";
    $toSign .= "rwdlac" . "
    ";
    $toSign .= "b" . "
    ";
    $toSign .= "sco" . "
    ";
    $toSign .= $start . "
    ";
    $toSign .= $end . "
    "; 
    $toSign .= "
    ";
    $toSign .= "https" . "
    ";
    $toSign .= "2017-04-17" . "
    ";
    
    $signature = rawurlencode(base64_encode(hash_hmac('sha256', $toSign, base64_decode($sasKeyValue), TRUE))); 
    $token = "?sv=2017-04-17&ss=b&srt=sco&sp=rwdlac&se=" . $end . "&st=" . $start . "&spr=https&sig=" . $signature;
    
    return $uri . $token;
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误
  • ¥15 python天天向上类似问题,但没有清零
  • ¥30 3天&7天&&15天&销量如何统计同一行
  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 C#调用python代码(python带有库)
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)