宇宙数据库Azure表API oData身份验证REST / C#？

Question

我正在尝试使用表API访问Azure Cosmos DB。

挑战是，尽管创建了SharedKeyLite，但服务器仍然未经授权返回--似乎不支持SharedKeyLite，或者我生成的签名或头错误。

这是代码

    static readonly string storageAccountName = "accountName";
    static readonly string storageAccountKey = "xxxx";
    static readonly string uri = "https://accountName.table.cosmosdb.azure.com/Contacts()";
    static readonly string utc_date = DateTime.UtcNow.ToString("r");


    static void Main(string[] args)
    {

        Console.WriteLine(GetResult().Result);

    }


    static async Task<string> GetResult()
    {
        // Set this to whatever payload you desire. Ours is null because 
        //   we're not passing anything in.
        Byte[] requestPayload = null;

        var requestDateString = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture);
        var requestUri = new Uri(uri);

        DateTime now = DateTime.UtcNow;
        //Instantiate the request message with a null payload.
        using (var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, uri)
        { Content = (requestPayload == null) ? null : new ByteArrayContent(requestPayload) })
        {

            ConstructHeaders(httpRequestMessage.Headers, requestDateString);

            string authorizationHeader = GenerateSharedKeyLite(storageAccountKey, storageAccountName, uri,requestDateString);
            httpRequestMessage.Headers.Authorization = new AuthenticationHeaderValue("SharedKeyLite", authorizationHeader);
            // Send the request.
            using (HttpResponseMessage httpResponseMessage = await new HttpClient().SendAsync(httpRequestMessage))
            {
                string json = await httpResponseMessage.Content.ReadAsStringAsync();
                return json;
            }
        }
    }

这些是我要添加的标题，ConstructHeaders方法的扩展。

     //Construct the headers
    static void ConstructHeaders(HttpRequestHeaders headers, string now)
    {

        headers.Add("x-ms-date", now);
        headers.Add("x-ms-version", "2017-04-17");
        // If you need any additional headers, add them here before creating
        //   the authorization header. 
        headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));


        if (headers.Contains("DataServiceVersion"))
            headers.Remove("DataServiceVersion");
        headers.Add("DataServiceVersion", "3.0;NetFx");
        if (headers.Contains("MaxDataServiceVersion"))
            headers.Remove("MaxDataServiceVersion");
        headers.Add("MaxDataServiceVersion", "3.0;NetFx");
    }

这是创建SharedKeyLite的方法

    //Created Shared Key Lite 
    static string GenerateSharedKeyLite(string accessKey, string account, string url, string date)
    {
        var uri = new Uri(url);

        var canonicalizedResourceString = uri.PathAndQuery;
        var queryStart = canonicalizedResourceString.IndexOf('?');
        if (queryStart > -1)
        {
            if (queryStart < canonicalizedResourceString.Length - 1)
            {
                var path = canonicalizedResourceString.Substring(0, queryStart);
                var parameters = HttpUtility.ParseQueryString(canonicalizedResourceString.Substring(queryStart + 1));
                var sb = new StringBuilder();
                foreach (var keyOri in parameters.Keys)
                {
                    var value = parameters[keyOri];
                    var key = keyOri.ToLowerInvariant();
                    sb.Append("\n");
                    sb.Append(key);
                    sb.Append(":");
                    sb.Append(value);
                }
                canonicalizedResourceString = canonicalizedResourceString + sb.ToString();
            }
            else
            {
                canonicalizedResourceString = canonicalizedResourceString.Substring(0, canonicalizedResourceString.Length - 1);
            }
        }
        canonicalizedResourceString = $"/{account}{canonicalizedResourceString}";

        var stringToSign = $"{date}\n{canonicalizedResourceString}";
        var signedSignature = string.Empty;
        using (var hmac = new HMACSHA256(Convert.FromBase64String(accessKey)))
        {
            var outputBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
            var signature = Convert.ToBase64String(outputBytes);
            return $"{account}:{signature}";
        }


    }

有什么帮助吗？理想情况下，我希望使用simple.odata执行odata查询，但首先尝试使用HttpClient来完成这一工作。

Answer 1

只要复制你的代码，它就能在我这边工作。如果您没有修改代码，请确保您的storageAccountName和storageAccountKey是正确的。

顺便说一句，在方法GenerateSharedKeyLite中，不需要为实体操作向canonicalizedResourceString添加查询参数。如果您希望操作表或服务的组件信息，则只需要添加comp。见constructing-the-canonicalized-resource-string。

查询字符串应该包括问号和comp参数(例如，?comp=metadata)。查询字符串中不应包含任何其他参数。