我想通过调用 Azure Storage v12 API 中的
Azure.Storage.Queues.ExistsAsync(CancellationToken cancellationToken = default)
方法来检查 Azure 存储队列是否存在。我尝试根据业务要求通过 SAS 令牌执行此操作,但收到如下授权错误:
Azure.RequestFailedException: This request is not authorized to perform this operation.
Status: 403
ErrorCode: AuthorizationFailure
在堆栈跟踪中,我可以看到这一行在 API 中引发了错误:
Azure.Storage.Queues.QueueRestClient.GetPropertiesAsync(Nullable`1 timeout, CancellationToken cancellationToken)
我使用的API如下所示:
var serviceQueueClient = new QueueClient(GetServiceSasToken());
return await serviceQueueClient.ExistsAsync(); // this line throws the exception
private Uri GetServiceSasToken()
{
var queueSasBuilder = new QueueSasBuilder()
{
ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(15),
QueueName = _queueName, // Name of my queue, which exists on Azure Portal
Protocol = SasProtocol.Https
};
queueSasBuilder.SetPermissions(QueueSasPermissions.Read | QueueSasPermissions.Add | QueueSasPermissions.Process);
StorageSharedKeyCredential storageSharedKeyCredential = new(_accountName, _accountKey); // storage account name, and the access key
var sasQueryParams = queueSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();
return new UriBuilder()
{
Scheme = "https",
Host = $"{_accountName}.queue.core.windows.net",
Path = _queueName,
Query = sasQueryParams
}.Uri;
}
我还尝试使用帐户 SAS 令牌,如下所示,但这也失败并出现相同的错误。
var serviceQueueClient = new QueueClient(GetAccountSasToken());
return await serviceQueueClient.ExistsAsync(); // this line throws the exception
private Uri GetAccountSasToken()
{
var queueSasBuilder = new AccountSasBuilder()
{
Services = AccountSasServices.Queues,
ResourceTypes = AccountSasResourceTypes.Service | AccountSasResourceTypes.Container | AccountSasResourceTypes.Object,
ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(15),
Protocol = SasProtocol.Https
};
queueSasBuilder.SetPermissions(AccountSasPermissions.Create | AccountSasPermissions.List | AccountSasPermissions.Read);
StorageSharedKeyCredential storageSharedKeyCredential = new(_accountName, _accountKey); // storage account name, and the access key
var sasQueryParams = queueSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();
return new UriBuilder()
{
Scheme = "https",
Host = $"{_accountName}.queue.core.windows.net",
Path = _queueName,
Query = sasQueryParams
}.Uri;
}
我设法在同一个 kubernetes pod 中以类似的方式操作 Azure Blob,因此专用端点在我的环境中应该可以正常工作。 我错过了什么?
从我这边复制后,我收到了同样的错误。
您遇到此问题是因为存储帐户启用了防火墙。
确保添加 IP 地址范围以允许从 Internet 或本地网络进行访问。
按照上述操作后我可以得到预期的结果。
我有同样的问题,但存储帐户没有防火墙保护它。