我在Web API服务中间接地调用CloudBlobContainer.CreateIfNotExist(请参见下面的FindOrCreatePrivateBlobContainer方法),但它返回以下403禁止错误消息:
<Error>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote server returned an error: (403) Forbidden.
</ExceptionMessage>
<ExceptionType>Microsoft.WindowsAzure.Storage.StorageException</ExceptionType>
<StackTrace>
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.Exists(Boolean primaryOnly, BlobRequestOptions requestOptions, OperationContext operationContext) at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext) at Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobRequestOptions requestOptions, OperationContext operationContext) at [Obfuscated].DocumentManagement.BlobStorage.BlobHelper.FindOrCreatePrivateBlobContainer(String ContainerName, String AccountConnectionString) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.BlobStorage\BlobHelper.cs:line 25 at [Obfuscated].DocumentManagement.BlobStorage.BlobFileItemHandler.GetStream(Int64 FileItemId) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.BlobStorage\BlobFileItemHandler.cs:line 114 at [Obfuscated].DocumentManagement.Service.Controllers.FileItemController.Get(String ServiceAuthKey, Int64 FileItemId) in c:\Users\[Obfuscated]\Desktop\[ProjectNameObfuscated]Online\[Obfuscated].DocumentManagement.Service\Controllers\FileItemController.cs:line 148 at lambda_method(Closure , Object , Object[] ) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()
</StackTrace>
<InnerException>
<Message>An error has occurred.</Message>
<ExceptionMessage>
The remote server returned an error: (403) Forbidden.
</ExceptionMessage>
<ExceptionType>System.Net.WebException</ExceptionType>
<StackTrace>
at System.Net.HttpWebRequest.GetResponse() at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext)
</StackTrace>
</InnerException>
</Error>
以下是生成错误的代码:
public HttpResponseMessage Get(string ServiceAuthKey, Int64 FileItemId)
{
if (!CheckServiceAuthKey(ServiceAuthKey).IsSuccessStatusCode)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
HttpRequest request = HttpContext.Current.Request;
FileItem fi = null;
using (DocumentDbContext db = new DocumentDbContext())
{
fi = db.FileItems.Find(FileItemId);
}
BlobFileItemHandler fih = new BlobFileItemHandler();
Stream s = fih.GetStream(FileItemId);
// -------- DOWNLOAD FILE TO CLIENT --------
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
response.Content = new StreamContent(s);
//a text file is actually an octet-stream (pdf, etc)
response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
//we used attachment to force download
response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
response.Content.Headers.ContentDisposition.FileName = fi.PublicFileName;
return response;
}
public Stream GetStream(Int64 FileItemId)
{
CloudBlobContainer c = BlobHelper.FindOrCreatePrivateBlobContainer("[Obfuscated]-dms", AccountConnectionString);
using (DocumentDbContext db = new DocumentDbContext())
{
FileItem fi = db.FileItems.Find(FileItemId);
CloudBlockBlob blob = c.GetDirectoryReference(fi.FilePathOnServer).GetBlockBlobReference(fi.PrivateFileName);
bool blobExists = blob.Exists();
if (!blobExists)
throw new System.IO.FileNotFoundException();
Stream stream = new MemoryStream();
blob.DownloadToStream(stream);
long streamlen = stream.Length;
stream.Position = 0;
return stream;
}
}
public static CloudBlobContainer FindOrCreatePrivateBlobContainer(string ContainerName, string AccountConnectionString)
{
Trace.TraceInformation("FindOrCreatePrivateBlobContainer '" + ContainerName + "' with connectionstring '" + AccountConnectionString + "'");
CloudStorageAccount account = CloudStorageAccount.Parse(AccountConnectionString);
CloudBlobClient blobClient = account.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(ContainerName);
container.CreateIfNotExists();
return container;
}
我需要一些帮助来排查此错误的原因。我已经尝试了以下操作:
- 检查要创建的容器名称是否有效,特别是只包含小写字母(没有特殊字符或大写字母)。
- 据说Azure服务器和调用服务器之间的时区差异可能导致403禁止访问错误消息。无论我是从个人电脑(使用UTC时区)还是从Azure部署运行服务,都会出现此错误。
- 检查了连接字符串和帐户密钥,似乎都是正确的。它的格式如下:
<add key="MyStuff.DocumentManagement.ConnectionString" value="DefaultEndpointsProtocol=http;AccountName=MyStuffAccount;AccountKey=[obfuscated]" />
- 尝试在http和https之间切换,但结果没有任何区别。
- 我能够通过VS 2013 server explorer连接到Azure存储并创建新的容器。
更新
在启用跟踪后,以下是错误输出: 应用程序: 2014-07-13T19:08:03 PID[6888] Error
Microsoft.WindowsAzure.Storage.StorageException: 远程服务器返回错误:(403)Forbidden. ---> System.Net.WebException: 远程服务器返回错误:(403) Forbidden. 应用程序: 在 System.Net.HttpWebRequest.GetResponse() 中应用程序: 在 Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand1 cmd, IRetryPolicy policy, OperationContext operationContext) 中应用程序: --- 内部异常堆栈跟踪的结尾 --- 在 Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync[T](RESTCommand
1 cmd, IRetryPolicy policy, OperationContext operationContext) 中应用程序: 在 Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.Exists(Boolean primaryOnly, BlobRequestOptions requestOptions, OperationContext operationContext) 中应用程序: 在 Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext) 中应用程序: 在 [Obfuscated].DocumentManagement.BlobStorage.BlobHelper.FindOrCreatePrivateBlobContainer(String ContainerName, String AccountConnectionString) 中应用程序: 在 [Obfuscated].DocumentManagement.BlobStorage.BlobFileItemHandler.GetStream(Int64 FileItemId) 中应用程序:请求信息应用程序: RequestID:fce980ad-a673-4ef1-b55d-d017a49845c8 应用程序: RequestDate:Sun, 13 Jul 2014 19:08:02 GMT 应用程序: StatusMessage:服务器无法验证请求。请确保Authorization标头的值正确地形成,包括签名。