doujianqin5172
doujianqin5172
2017-08-17 21:35

为什么我的Azure SAS令牌签名不匹配?

已采纳

This is the error returned when I try to access a blob in storage:

Code: AuthenticationFailed Message: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. AuthenticationErrorDetail: Signature did not match. String to sign used was xxstorageaccount rwdlac b sco 2017-08-17T21:29:24Z 2017-08-17T21:34:24Z https 2017-04-17

Here's my code:

$storageAccount = config('azure.storage.account');

$start = new \DateTime();     
$end = (new \DateTime())->modify('+5 minutes');
$start = $start->format('Y-m-d\TH:i:s\Z');
$end = $end->format('Y-m-d\TH:i:s\Z');

$toSign = $storageAccount . "
";
$toSign .= "rwdlac" . "
";
$toSign .= "b" . "
";
$toSign .= "sco" . "
";
$toSign .= $start . "
";
$toSign .= $end . "
"; 
$toSign .= "
";
$toSign .= "https" . "
";
$toSign .= "2017-04-17" . "
";

$signature = rawurlencode(base64_encode(hash_hmac('sha256', $toSign, $sasKeyValue, TRUE))); 
$token = "?sv=2017-04-17&ss=b&srt=sco&sp=rwdlac&se=" . $end . "&st=" . $start . "&spr=https&sig=" . $signature;

return $uri . $token;
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dst67283 dst67283 4年前

    You could do 2 things to avoid this error.

    1. Convert start and end time to GMT time via setTimezone() function or consider using the gmdate function instead.

    2. Decode base64 account key through base64_decode() function.

    Please change your code like the following:

    $storageAccount = config('azure.storage.account');
    
    $start = (new \DateTime())->setTimezone(new DateTimeZone('GMT'));     
    $end = (new \DateTime())->setTimezone(new DateTimeZone('GMT'))->modify('+5 minutes');
    $start = $start->format('Y-m-d\TH:i:s\Z');
    $end = $end->format('Y-m-d\TH:i:s\Z');
    
    $toSign = $storageAccount . "
    ";
    $toSign .= "rwdlac" . "
    ";
    $toSign .= "b" . "
    ";
    $toSign .= "sco" . "
    ";
    $toSign .= $start . "
    ";
    $toSign .= $end . "
    "; 
    $toSign .= "
    ";
    $toSign .= "https" . "
    ";
    $toSign .= "2017-04-17" . "
    ";
    
    $signature = rawurlencode(base64_encode(hash_hmac('sha256', $toSign, base64_decode($sasKeyValue), TRUE))); 
    $token = "?sv=2017-04-17&ss=b&srt=sco&sp=rwdlac&se=" . $end . "&st=" . $start . "&spr=https&sig=" . $signature;
    
    return $uri . $token;
    
    点赞 评论 复制链接分享

相关推荐