blob 和 sas

Blob是什么？

请看上篇文章简单总结下关于blob的图片上传 在使用Blob图片上传的时候碰到许多问题，比如如何使用用户名密码下载文件啊什么的 今天就记录一下我碰到的最大的问题

如何匿名去访问你上传的Blob文件

共享访问签名：了解 SAS 模型 这篇文章值得一看，多数官方的文档在有时候还是很有用的。尝试了半天，只发现一个方法可以用，使用blobName来生成SAS，再通过SAS生成的Uri+SASToken来访问blob文件。

  private static string GetBlobSasUri(CloudBlobContainer container, string blobName, string policyName = null)
        {
            string sasBlobToken;

            CloudBlockBlob blob = container.GetBlockBlobReference(blobName);

            if (policyName == null)
            {
                SharedAccessBlobPolicy adHocSAS = new SharedAccessBlobPolicy()
                {
                    SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(1),
                    Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create
                };

                sasBlobToken = blob.GetSharedAccessSignature(adHocSAS);

                Console.WriteLine("SAS for blob (ad hoc): {0}", sasBlobToken);
                Console.WriteLine();
            }
            else
            {
                sasBlobToken = blob.GetSharedAccessSignature(null, policyName);

                Console.WriteLine("SAS for blob (stored access policy): {0}", sasBlobToken);
                Console.WriteLine();
            }

            return blob.Uri + sasBlobToken;
        }

其实官方文档写的很详细了，不过有个参数我不是很懂，policyName ，文档里也没有过多的介绍，不过从代码来看，应该是已知URI，生成token后拼接吧。嗯。。。有空测试一下就知道了。。

官方还有一个比较吸引我的方法

private static string GetContainerSasUri(CloudBlobContainer container, string storedPolicyName = null)
        {
            string sasContainerToken;

            if (storedPolicyName == null)
            {
                SharedAccessBlobPolicy adHocPolicy = new SharedAccessBlobPolicy()
                {
                    SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
                    Permissions = SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.List
                };

                sasContainerToken = container.GetSharedAccessSignature(adHocPolicy, null);

                Console.WriteLine("SAS for blob container (ad hoc): {0}", sasContainerToken);
                Console.WriteLine();
            }
            else
            {
                sasContainerToken = container.GetSharedAccessSignature(null, storedPolicyName);

                Console.WriteLine("SAS for blob container (stored access policy): {0}", sasContainerToken);
                Console.WriteLine();
            }

            return container.Uri + sasContainerToken;
        }

可以直接定位到容器，在容器上直接创建SAS来访问，然而我试了不同的参数，返回了各种各样的错误信息，比如。。

<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:2ce78f2c-0001-0023-1773-00b9e0000000 Time:2017-07-19T09:45:48.3088986Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was wl 2017-07-20T09:45:12Z /blob/hollywoodsharestorage/$root 2016-05-31
</AuthenticationErrorDetail>
</Error>

<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:4e04d8fe-0001-0020-6471-00bae7000000 Time:2017-07-19T09:29:23.1074413Z
</Message>
<AuthenticationErrorDetail>
Access without signed identifier cannot have time window more than 1 hour: Start [Wed, 19 Jul 2017 09:29:23 GMT] - Expiry [Wed, 19 Jul 2017 18:24:53 GMT]
</AuthenticationErrorDetail>
</Error>

差不多都是在告诉我，生成的签名不对。。。

是我打开的方式不对，还是有别的使用的方法，这个还需要更深一步研究，希望看到的各位大神，有知晓的，分享一下，感激不尽~