gtc*_*ill 3 amazon-s3 amazon-web-services pre-signed-url aws-sdk-net
我正在生成一个预先签名的 URL 服务器端,以允许我的客户端应用程序将文件直接上传到 S3 存储桶。除非客户端应用程序在技术上比我的服务器时钟早一天的时区中的计算机上运行,否则一切正常。
我可以通过将系统时钟提前到第二天的时区来在本地重新创建问题。
这是我使用 .NET SDK 生成预签名 URL 的方式(我最初使用的是 DateTime.Now 而不是 UTCNow):
var request = new GetPreSignedUrlRequest
{
BucketName = bucketName,
Key = objectName,
Verb = HttpVerb.PUT,
Expires = DateTime.UtcNow.AddDays(5),
ContentType = "application/octet-stream"
};
request.Headers["x-amz-acl"] = "bucket-owner-full-control";
request.Metadata.Add("call", JsonConvert.SerializeObject(call).ToString());
return client.GetPreSignedURL(request);
然后我在客户端应用程序中使用该预签名 URL,如下所示:
using (var fileStream = new FileStream(recordingPath, FileMode.Open))
using (var client = new WebClient())
{
HttpContent fileStreamContent = new StreamContent(fileStream);
var bytes = await fileStreamContent.ReadAsByteArrayAsync();
client.Headers.Add("Content-Type", "application/octet-stream");
//include metadata in PUT request
client.Headers.Add("x-amz-meta-call", JsonConvert.SerializeObject(Call));
await client.UploadDataTaskAsync(new Uri(presignedUrl), "PUT", bytes);
}
这是我从 AWS 收到的错误:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>{access}</AWSAccessKeyId><StringToSign>....
在 Fiddler 中,请求对我来说几乎完全相同。
作品:
PUT https://{bucketname}.s3.amazonaws.com/1c849c76-dd2a-4ff7-aad7-23ec7e9ddd45_encoded.opus?X-Amz-Expires=18000&x-amz-security-token={security_token}&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential={cred}&X-Amz-Date=20190312T021419Z&X-Amz-SignedHeaders=content-type;host;x-amz-acl;x-amz-meta-call;x-amz-security-token&X-Amz-Signature={sig} HTTP/1.1
x-amz-meta-call: {json_string}
x-amz-acl: bucket-owner-full-control
Content-Type: application/octet-stream
Host: {bucketname}.s3.amazonaws.com
Content-Length: 28289
Expect: 100-continue
{file}
不起作用:
PUT https://{bucketname}.s3.amazonaws.com/4cca3ec3-9f3f-4ba4-9d81-6336090610c0_encoded.opus?X-Amz-Expires=18000&x-amz-security-token={security_token}&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential={credentials}&X-Amz-Date=20190312T021541Z&X-Amz-SignedHeaders=content-type;host;x-amz-acl;x-amz-meta-call;x-amz-security-token&X-Amz-Signature={sig} HTTP/1.1
x-amz-meta-call: {json_string}
x-amz-acl: bucket-owner-full-control
Content-Type: application/octet-stream
Host: {bucketname}.s3.amazonaws.com
Content-Length: 18714
Expect: 100-continue
{file}
在这两种情况下,预签名 URL 都生成了相同的 x-amz-date 参数。我什至尝试从 URL 解析出 x-amz-date 参数,并将其显式设置为我的 PUT 中的标头,但这也不起作用。
我错过了什么?
小智 8
我发现我使用的是不同版本的签名。v4 非常适合我。
在 JS 中,需要 S3 作为
const s3 = new AWS.S3({
signatureVersion: 'v4'
});
| 归档时间: |
|
| 查看次数: |
2812 次 |
| 最近记录: |