Azure CloudBlobContainer.CreateIfNotExists returns 403 Forbidden

Keywords: Forbidden, returns, CreateIfNotExists, CloudBlobContainer, Azure | Updated: 2023-09-27 18:12:47

I am calling CloudBlobContainer.CreateIfNotExists indirectly from a Web API service (see the FindOrCreatePrivateBlobContainer method below), but it returns the following 403 Forbidden error message:

<Error>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote server returned an error: (403) Forbidden.
</ExceptionMessage>
<ExceptionType>Microsoft.WindowsAzure.Storage.StorageException</ExceptionType>
<StackTrace>
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.Exists(Boolean primaryOnly, BlobRequestOptions requestOptions, OperationContext operationContext)
at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext)
at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobRequestOptions requestOptions, OperationContext operationContext)
at [Obfuscated].DocumentManagement.BlobStorage.BlobHelper.FindOrCreatePrivateBlobContainer(String ContainerName, String AccountConnectionString) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.BlobStorage\BlobHelper.cs:line 25
at [Obfuscated].DocumentManagement.BlobStorage.BlobFileItemHandler.GetStream(Int64 FileItemId) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.BlobStorage\BlobFileItemHandler.cs:line 114
at [Obfuscated].DocumentManagement.Service.Controllers.FileItemController.Get(String ServiceAuthKey, Int64 FileItemId) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.Service\Controllers\FileItemController.cs:line 148
at lambda_method(Closure , Object , Object[] )
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments)
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()
</StackTrace>
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote server returned an error: (403) Forbidden.
</ExceptionMessage>
<ExceptionType>System.Net.WebException</ExceptionType>
<StackTrace>
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
</StackTrace>
</InnerException>
</Error>

Here is the code that produces the error:

    // FileItemController.Get: Web API action that streams the blob back to the caller
    public HttpResponseMessage Get(string ServiceAuthKey, Int64 FileItemId)
    {
        if (!CheckServiceAuthKey(ServiceAuthKey).IsSuccessStatusCode)
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        HttpRequest request = HttpContext.Current.Request;
        FileItem fi = null;
        using (DocumentDbContext db = new DocumentDbContext())
        {
            fi = db.FileItems.Find(FileItemId);
        }

        BlobFileItemHandler fih = new BlobFileItemHandler();
        Stream s = fih.GetStream(FileItemId);

        // -------- DOWNLOAD FILE TO CLIENT --------
        HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
        response.Content = new StreamContent(s);
        //a text file is actually an octet-stream (pdf, etc)
        response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
        //we used attachment to force download
        response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
        response.Content.Headers.ContentDisposition.FileName = fi.PublicFileName;

        return response;
    }

    // BlobFileItemHandler.GetStream: downloads the blob into a MemoryStream
    public Stream GetStream(Int64 FileItemId)
    {
        CloudBlobContainer c = BlobHelper.FindOrCreatePrivateBlobContainer("[Obfuscated]-dms", AccountConnectionString);
        using (DocumentDbContext db = new DocumentDbContext())
        {
            FileItem fi = db.FileItems.Find(FileItemId);
            CloudBlockBlob blob = c.GetDirectoryReference(fi.FilePathOnServer).GetBlockBlobReference(fi.PrivateFileName);
            bool blobExists = blob.Exists();
            if (!blobExists)
                throw new System.IO.FileNotFoundException();
            Stream stream = new MemoryStream();
            blob.DownloadToStream(stream);
            long streamlen = stream.Length;
            stream.Position = 0;
            return stream;
        }
    }

    // BlobHelper.FindOrCreatePrivateBlobContainer: the call that throws the 403
    public static CloudBlobContainer FindOrCreatePrivateBlobContainer(string ContainerName, string AccountConnectionString)
    {
        // Note: this writes the full connection string, AccountKey included, to the trace output.
        Trace.TraceInformation("FindOrCreatePrivateBlobContainer '" + ContainerName + "' with connectionstring '" + AccountConnectionString + "'");
        CloudStorageAccount account = CloudStorageAccount.Parse(AccountConnectionString);
        CloudBlobClient blobClient = account.CreateCloudBlobClient();
        CloudBlobContainer container = blobClient.GetContainerReference(ContainerName);
        container.CreateIfNotExists();
        return container;
    }

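I need some help troubleshooting the cause of this error. I have tried the following:
  1. Checked that the name of the container to be created is valid; in this particular case it consists only of lowercase letters (no special or uppercase characters).
  2. I read that a time-zone difference between the Azure server and the calling server can cause a 403 Forbidden error message. The error occurs whether I run the service from my personal computer (time zone set to UTC) or from the Azure deployment.
  3. I checked my connection string and account key, which appear to be correct. The format is: <add key="MyStuff.DocumentManagement.ConnectionString" value="DefaultEndpointsProtocol=http;AccountName=MyStuffAccount;AccountKey=[obfuscated]" />
  4. I tried switching between http and https; it made no difference.
  5. I can confirm that I am running the latest version of the Azure Storage API (4.1.0).
  6. I am able to connect to Azure Storage and create a new container through the VS 2013 Server Explorer.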

Please help!

Update

Here is the error output after I enabled tracing:

2014-07-13T19:08:03 PID[6888] Error Microsoft.WindowsAzure.Storage.StorageException: The remote server returned an error: (403) Forbidden. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
Application: at System.Net.HttpWebRequest.GetResponse()
Application: at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
Application: --- End of inner exception stack trace ---
Application: at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
Application: at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.Exists(Boolean primaryOnly, BlobRequestOptions requestOptions, OperationContext operationContext)
Application: at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext)
Application: at [Obfuscated].DocumentManagement.BlobStorage.BlobHelper.FindOrCreatePrivateBlobContainer(String ContainerName, String AccountConnectionString)
Application: at [Obfuscated].DocumentManagement.BlobStorage.BlobFileItemHandler.GetStream(Int64 FileItemId)
Application: Request Information
Application: RequestID:fce980ad-a673-4ef1-b55d-d017a49845c8
Application: RequestDate:Sun, 13 Jul 2014 19:08:02 GMT
Application: StatusMessage:Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.


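This may not be the solution to this particular problem, but it may help someone else.

I was getting a 403 error and had a hard time finding a solution. I eventually found that my development machine's clock was off by 2 hours. Once I set the time correctly, the 403 went away.

Azure requires the UTC timestamp to be within 15 minutes of the request time.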

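As we discussed in the comments above, when you start getting a 403 status code back from the service, make sure your key is valid. The key can change if it has been regenerated through the portal or with the Service Management API.

If you recently upgraded to WindowsAzure.Storage instead of using the deprecated WindowsAzure, you may run into this problem because BlobRequestOptions and OperationContext have not been set.

MSDN link for the CloudBlobContainer CreateIfNotExists method: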

http://msdn.microsoft.com/en-us/library/microsoft.windowsazure.storage.blob.cloudblobcontainer.createifnotexists.aspx
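
The clock answer and the key answer above both follow from how Shared Key requests are authenticated: the client signs a string containing the request timestamp with the account key, and the service recomputes the signature. The sketch below is an added illustration, not code from the original posts; the account name, container name, keys and service version are constructed sample values, and it assumes a body-less HEAD request on the container.

```python
import base64
import hashlib
import hmac
from datetime import timedelta
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(minutes=15)  # window stated in the answer above


def string_to_sign(verb, account, container, x_ms_date, x_ms_version):
    """Shared Key string-to-sign for a container-level Blob request with no body."""
    # Content-Encoding ... Range are all empty here; the Date slot stays empty
    # because the timestamp travels in the x-ms-date header instead.
    standard = [""] * 11
    canon_headers = f"x-ms-date:{x_ms_date}\nx-ms-version:{x_ms_version}\n"
    canon_resource = f"/{account}/{container}\nrestype:container"
    return "\n".join([verb] + standard) + "\n" + canon_headers + canon_resource


def authorization_header(account, key_b64, to_sign):
    """HMAC-SHA256 over the string-to-sign, keyed with the decoded account key."""
    mac = hmac.new(base64.b64decode(key_b64), to_sign.encode("utf-8"), hashlib.sha256)
    return f"SharedKey {account}:{base64.b64encode(mac.digest()).decode()}"


def within_skew(x_ms_date, service_now):
    """True when the signed timestamp is inside the window the service accepts."""
    return abs(service_now - parsedate_to_datetime(x_ms_date)) <= MAX_SKEW


# Constructed sample values: the keys are filler bytes, not real account keys.
ACCOUNT, CONTAINER, VERSION = "myaccount", "example-dms", "2015-02-21"
KEY_IN_CONFIG = base64.b64encode(b"old-key-" * 8).decode()
KEY_AFTER_REGEN = base64.b64encode(b"new-key-" * 8).decode()
SENT = "Sun, 13 Jul 2014 19:08:02 GMT"  # reuses the date shown in the question's trace


def demo():
    to_sign = string_to_sign("HEAD", ACCOUNT, CONTAINER, SENT, VERSION)
    sent_header = authorization_header(ACCOUNT, KEY_IN_CONFIG, to_sign)
    expected = authorization_header(ACCOUNT, KEY_AFTER_REGEN, to_sign)
    service_now = parsedate_to_datetime(SENT)
    return {
        "signature_matches_after_key_regen": sent_header == expected,
        "accepted_with_correct_clock": within_skew(SENT, service_now),
        "accepted_with_clock_2h_off": within_skew(SENT, service_now + timedelta(hours=2)),
    }


if __name__ == "__main__":
    print(demo())
```

A stale key and a skewed clock both end in the same "Server failed to authenticate the request" status message, so checking the machine clock and the configured key against the portal are the first two things to rule out.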

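For me, it turned out that we had an IP restriction on the storage account, which caused the 403 Forbidden. The fix was to go to the Azure portal and navigate to:

Storage accounts → "StorageAccountName" → Firewalls and virtual networks

Then make sure your IP is in the allowed section, or tick "Allow access from all networks".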

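I ran into a similar problem when trying to connect to the local Azure storage emulator. Connecting through Azure Storage Explorer succeeded, but a custom tool using the REST API threw a 403 error. I had to include the endpoints manually in the configuration and use http instead of https.

More information here (https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string)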

DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;
AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;
BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;
TableEndpoint=http://127.0.0.1:10002/devstoreaccount1;
QueueEndpoint=http://127.0.0.1:10001/devstoreaccount1;

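Try the following:

1. Generate a new access key to use in the App.config file

or

2. Log in to your Azure portal, select -> Firewalls and virtual networks under your storage account, and in the blade enable the allow access from "All networks" option

I hope this is useful to someone!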


I saw the same error message when calling

Microsoft.WindowsAzure.Storage.Blob.CloudBlobClient.GetBlobReferenceFromServerAsync(Uri blobUri)

I had accidentally used a blobUri value that pointed to a different URL than the one CloudBlobClient.BaseUri points to.