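I generated a token using Azure and it works, but I need to create the correct script in PowerShell using the key. The stringToSign I generate differs from the one Azure provides, and azcopy gives me a 403 "Server failed to authenticate the request" error. I based it on: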
https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas
https://learn.microsoft.com/en-us/rest/api/eventhub/generate-sas-token
# Azure Storage Account Details
$storageAccountName = "name"
$storageAccountKey = "key"
$baseUrl = "https://$storageAccountName.blob.core.windows.net"
# SAS Token parameters
$permissions = "rwdlacup" # Read, write, delete, list, add, create, update, process
$serviceVersion = "2022-11-02" # API version
$expiryDate = "2024-12-13T22:41:13Z" # Token expiry
$startDate = "2024-12-13T14:41:13Z" # Start time
$signedServices = "bqtf" # Blob, Queue, Table, File
$signedResourceTypes = "sco" # Service, Container, Object
$signedIP = "" # No specific IP restriction
$signedProtocol = "https" # Only HTTPS
# Create the string-to-sign
$stringToSign = "$storageAccountName\n$permissions\n$signedServices\n$signedResourceTypes\n$startDate\n$expiryDate\n$signedIP\n$signedProtocol\n$signedversion"
# Compute HMAC SHA-256
$hmac = New-Object System.Security.Cryptography.HMACSHA256
$hmac.Key = [Convert]::FromBase64String($storageAccountKey)
$sig = [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign)))
# Construct SAS token
$sasToken = "?sv=$serviceVersion&ss=$signedServices&srt=$signedResourceTypes&sp=$permissions&se=$expiryDate&st=$startDate&spr=https&sig=$sig"
# Full URL with SAS token
$fullUrl = "$baseUrl/$sasToken"
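I tried different kinds of stringToSign, but the SAS token is still different and results in the same error. The SAS token generation does not match, and I receive a 403 "Server failed to authenticate the request" error. I have tried various stringToSign formats, but none of them works as expected.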
Generating an account SAS token in PowerShell
If you are using the 2022-11-02 REST API version, your stringToSign should be constructed using the following logic:
StringToSign = accountname + "\n" +
signedpermissions + "\n" +
signedservice + "\n" +
signedresourcetype + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n" +
signedEncryptionScope + "\n"
You can use the script below to generate an account SAS token with PowerShell.
Script:
# Parameters
$xMsDate = [System.DateTime]::UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ")
$expiryInSeconds = 7200 # 2 hours validity
$accountName = "xxx"
$signedPermissions = "rwdlaciytfx"
$signedService = "b"
$signedResourceType = "sco"
$signedStart = $xMsDate
$signedExpiry = [System.DateTime]::UtcNow.AddSeconds($expiryInSeconds).ToString("yyyy-MM-ddTHH:mm:ssZ")
$signedIP = "" # Optional
$signedProtocol = "https"
$signedVersion = "2022-11-02"
$signedEncryptionScope = ""
# Storage Account Key (Replace with your actual key)
$accessKey = "xxxx"
# Construct String-to-Sign
$StringToSign = "{0}`n{1}`n{2}`n{3}`n{4}`n{5}`n{6}`n{7}`n{8}`n{9}`n" -f `
$accountName, $signedPermissions, $signedService, $signedResourceType, `
$signedStart, $signedExpiry, $signedIP, $signedProtocol, $signedVersion, $signedEncryptionScope
# Decode the storage account key
$keyBytes = [Convert]::FromBase64String($accessKey)
# Convert String-to-Sign to bytes
$SignatureBytes = [System.Text.Encoding]::UTF8.GetBytes($StringToSign)
# Generate HMAC-SHA256 signature
$hasher = New-Object System.Security.Cryptography.HMACSHA256
$hasher.Key = $keyBytes
$Signature = [Convert]::ToBase64String($hasher.ComputeHash($SignatureBytes))
# Generate SAS Token (System.Web provides HttpUtility, used to URL-encode the signature)
Add-Type -AssemblyName System.Web
$sasToken = "sv=$signedVersion&ss=$signedService&srt=$signedResourceType&sp=$signedPermissions&se=$signedExpiry&st=$signedStart&spr=$signedProtocol&sig=$([System.Web.HttpUtility]::UrlEncode($Signature))"
# Output the SAS Token
Write-Output $sasToken
Output:
sv=2022-11-02&ss=b&srt=sco&sp=rwdlaciytfx&se=2024-12-14T11:27:45Z&st=2024-12-14T09:27:45Z&spr=https&sig=redacted
Now, I validated the SAS token with a blob URL to fetch an image from Azure Blob Storage.
API request:
Reference:
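The following is an added example, not part of the original question or answer. It builds the string-to-sign both ways (with real line feeds in the ten-field layout shown in the answer, and with the question's `"\n"` text, which PowerShell does not treat as an escape) and prints the line-feed count and HMAC for each so the mismatch is visible. The function names and the key are hypothetical, constructed for the demonstration.

```powershell
# Constructed demo key (base64 of 32 bytes); NOT a real storage account key.
$demoKey = [Convert]::ToBase64String([byte[]](1..32))

# Hypothetical helper: account SAS string-to-sign in the layout the answer gives
# for service version 2022-11-02 (ten fields, each terminated by a line feed).
function Get-AccountSasStringToSign {
    param(
        [string]$AccountName, [string]$Permissions, [string]$Services,
        [string]$ResourceTypes, [string]$Start, [string]$Expiry,
        [string]$IP = "", [string]$Protocol = "https",
        [string]$Version = "2022-11-02", [string]$EncryptionScope = ""
    )
    $fields = $AccountName, $Permissions, $Services, $ResourceTypes, $Start,
              $Expiry, $IP, $Protocol, $Version, $EncryptionScope
    # "`n" is PowerShell's line-feed escape; the backtick is the escape character.
    return (($fields -join "`n") + "`n")
}

# Hypothetical helper: HMAC-SHA256 over UTF-8 text with a base64-encoded key.
function Get-HmacSha256Base64 {
    param([string]$Base64Key, [string]$Text)
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    try {
        $hmac.Key = [Convert]::FromBase64String($Base64Key)
        return [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($Text)))
    } finally { $hmac.Dispose() }
}

$good = Get-AccountSasStringToSign -AccountName "name" -Permissions "rwdlacup" `
    -Services "bqtf" -ResourceTypes "sco" `
    -Start "2024-12-13T14:41:13Z" -Expiry "2024-12-13T22:41:13Z"

# The question's form: inside double quotes "\n" stays a backslash followed by 'n',
# and the undefined $signedversion expands to nothing, so the version is missing too.
$bad = "name\nrwdlacup\nbqtf\nsco\n2024-12-13T14:41:13Z\n2024-12-13T22:41:13Z\n\nhttps\n"

foreach ($case in ([ordered]@{ "real LF" = $good; "literal \n" = $bad }).GetEnumerator()) {
    $lfCount = [regex]::Matches($case.Value, "`n").Count
    $sig = Get-HmacSha256Base64 -Base64Key $demoKey -Text $case.Value
    # The signature is URL-encoded because base64 can contain '+', '/' and '='.
    "{0,-10} LF={1,2} chars={2,3} sig={3}" -f $case.Key, $lfCount, $case.Value.Length,
        [Uri]::EscapeDataString($sig)
}
```

The row built with `"\n"` contains no line-feed characters at all, so its signature cannot match the one the service computes from the query parameters.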