0

我尝试使用 powershell 调用存储 REST API 但遇到错误。PFB详细信息-

  1. 脚本
    $version = "2017-04-17"
    $storageAccount = "{storageAccountName}"
    $accesskey= “{storageAccountAccessKey}"
    $resource = "?comp=list"    
    $storage_url = "https://$storageAccount.blob.core.windows.net/$resource"
    $GMTTime = (Get-Date).ToUniversalTime().toString('R')

    $stringToSign =    "GET`nx-ms-date:$GMTTime`nx-ms-version:2017-04-17`n/$storageAccount/$resource"
    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = [Convert]::FromBase64String($accesskey)

    $signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    $signature = [Convert]::ToBase64String($signature)
    $headers = @{
        'x-ms-date'    = $GMTTime
        'Authorization'  = "SharedKeyLite " + $storageAccount + ":" + $signature
        'x-ms-version' = $version
    }
    Invoke-RestMethod -Method GET -Uri $storage_url -Headers $headers
  1. 错误信息
Invoke-RestMethod : AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the 
signature.
RequestId:ee5459f7-501e-004b-0426-46de36000000
Time:2020-06-19T10:45:36.7846714ZThe MAC signature found in the HTTP request <signature>' is not the same as any computed signature. 
Server used following string to sign: 'GET
x-ms-date:Fri, 19 Jun 2020 10:37:00 GMT
x-ms-version:2017-04-17
/<storageAccount>/?comp=list'.

有人可以帮我理解这里缺少什么。遵循授权文档 - https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key

4

1 回答 1

0

请使用以下代码:

$version = "2017-04-17"
$storageAccount = "{storageAccountName}"
$accesskey= “{storageAccountAccessKey}"
$resource = "?comp=list"    
$storage_url = "https://$storageAccount.blob.core.windows.net/$resource"
$GMTTime = (Get-Date).ToUniversalTime().toString('R')
$ContentMd5 = ""
$ContentType = ""
$CanonicalizedHeaders = "x-ms-date:$GMTTime`nx-ms-version:$version`n"
$CanonicalizedResource = "/$storageAccount/$resource"
$stringToSign =    "GET`n$ContentMd5`n$ContentType`n`n$CanonicalizedHeaders$CanonicalizedResource"
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Convert]::FromBase64String($accesskey)

$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signature = [Convert]::ToBase64String($signature)
$headers = @{
    'x-ms-date'    = $GMTTime
    'Authorization'  = "SharedKeyLite " + $storageAccount + ":" + $signature
    'x-ms-version' = $version
}
Invoke-RestMethod -Method GET -Uri $storage_url -Headers $headers
于 2020-06-22T06:40:57.213 回答