个人中心
gpt4 book ai didi

c# - S3 存储桶中的访问被拒绝

转载 作者:太空宇宙 更新时间:2023-11-03 22:45:51 25 4
gpt4 key购买 nike

请帮助我面临这个奇怪的问题,我正在尝试访问 S3 存储桶图像,我能够列出存储桶项目但是当尝试使用指向的 url 在 Web 应用程序中呈现图像时,我得到了 Access拒绝错误.我正在使用 cognito(联合身份)。

已设置信任关系

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "unauthenticated"
        }
      }
    }
  ]
}

这是我的完整代码

protected IAmazonEC2 ec2;
        protected IAmazonS3 s3;
        protected IAmazonSimpleDB sdb;
        protected void Page_Load(object sender, EventArgs e) {


            CognitoAWSCredentials credentials = new CognitoAWSCredentials(
    "us-east-1:ox0d70gm-1922z-4772-b2132-9748c6548bdb", // Identity pool ID
    RegionEndpoint.USEast1);


            Console.WriteLine("Identity ID: " + credentials.GetCredentials().Token);
            Console.WriteLine("Identity ID: " + credentials.GetCredentials().UseToken);
            Console.WriteLine("Access Key Id" + credentials.GetCredentials().AccessKey);
            Console.WriteLine("Secret Key:" + credentials.GetCredentials().SecretKey);


            IAmazonS3 s3Client = new AmazonS3Client(credentials);

            try {

                ListBucketsResponse response = s3Client.ListBuckets();

                List<S3Bucket> lS3Bucket = response.Buckets;

                foreach (S3Bucket s3 in lS3Bucket) {
                    Console.WriteLine(s3.BucketName);

                    ListObjectsV2Request request = new ListObjectsV2Request {
                        BucketName = s3.BucketName
                    };

                    ListObjectsV2Response responseV2;

                    responseV2 = s3Client.ListObjectsV2(request);

                    foreach (S3Object entry in responseV2.S3Objects) {

                        if(s3.BucketName== "saveen-2017-june-15") {
                            Response.Write("<img src='https://s3.amazonaws.com/"+ entry.BucketName + "/"+ entry.Key + "' height=100 width=100/>"); // access denied error
                        }
                    }
                }

                int numBuckets = 0;
                if (response.Buckets != null &&
                    response.Buckets.Count > 0) {
                    numBuckets = response.Buckets.Count;
                }
                Console.WriteLine("You have " + numBuckets + " Amazon S3 bucket(s).");
            } catch (AmazonS3Exception ex) {
                if (ex.ErrorCode != null && (ex.ErrorCode.Equals("InvalidAccessKeyId") ||
                    ex.ErrorCode.Equals("InvalidSecurity"))) {
                    Console.WriteLine("Please check the provided AWS Credentials.");
                    Console.WriteLine("If you haven't signed up for Amazon S3, please visit http://aws.amazon.com/s3");
                } else {
                    Console.WriteLine("Caught Exception: " + ex.Message);
                    Console.WriteLine("Response Status Code: " + ex.StatusCode);
                    Console.WriteLine("Error Code: " + ex.ErrorCode);
                    Console.WriteLine("Request ID: " + ex.RequestId);
                }
            }

更新部分

我进一步研究发现我需要实现Developer Authenticated Identities Authflow(增强型Authflow)在

步骤如下

  1. 通过开发者提供商登录(Amazon Cognito 之外的代码)
  2. 验证用户的登录(Amazon Cognito 之外的代码)
  3. 获取OpenIdTokenForDeveloperIdentity
  4. GetCredentialsForIdentity

下面是上面实现的完整代码

class Program {
    public static void Main(string[] args) {

        //GetOpenIdTokenForDeveloperIdentity
        CognitoAWSCredentials credentials = new CognitoAWSCredentials(
                "us-east-1:#####-####-####-####-########", RegionEndpoint.USEast1);

        //GetCredentialsForIdentity
        GetCredentialsForIdentityResponse tokenResp = identityClient.GetCredentialsForIdentity(credentials.GetIdentityId());

        string date = GetRoute53Date();

        Console.WriteLine(GetAWSR53_SHA1AuthorizationValue(tokenResp.Credentials.GetCredentials().AccessKey, tokenResp.Credentials.GetCredentials().SecretKey, date));
        // Now here I have Access key and Signature

        Console.Read();
    }



    public static string GetAWSR53_SHA1AuthorizationValue(string AWSAccessKeyId,
        string AWSSecretAccessKey, string AmzDate) {
        System.Security.Cryptography.HMACSHA1 MySigner =
           new System.Security.Cryptography.HMACSHA1(
           System.Text.Encoding.UTF8.GetBytes(AWSSecretAccessKey));

        string SignatureValue = Convert.ToBase64String(
          MySigner.ComputeHash(System.Text.Encoding.UTF8.GetBytes(AmzDate)));

        string AuthorizationValue = "AWS3-HTTPS AWSAccessKeyId=" +
           System.Uri.EscapeDataString(AWSAccessKeyId) +
           ",Algorithm=HmacSHA1,Signature=" + SignatureValue;

        return AuthorizationValue;
    }

    public static string GetRoute53Date() {
        string url = "https://route53.amazonaws.com/date";
        HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
        request.Method = "GET";
        HttpWebResponse response;
        response = request.GetResponse() as HttpWebResponse;
        return response.Headers["Date"];
    }

}

现在正在访问S3 bucket Image资源,想要展示。

我正在使用下面的代码

GET /####-###-###-15/myfile.png HTTP/1.1
Host: s3.amazonaws.com
Authorization: AWS ASIAJ4DZFDVDEB3GSNDA:ulAQKnJkiLAWFg8cB+F+5hje0mE=
x-amz-date: Thu, 26 Apr 2018 07:14:18 GMT
Cache-Control: no-cache

它给我下面给出的错误

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>InvalidAccessKeyId</Code>
    <Message>The AWS Access Key Id you provided does not exist in our records.</Message>
    <AWSAccessKeyId>ASIAJ4DZFDVDEB3GSNDA</AWSAccessKeyId>
    <RequestId>C593C6DE5E004836</RequestId>
    <HostId>fS+WnzQo0UtqlUaLyoMfIxbKElRs56xYPcL8bNn62VQ41HLG26Mr2Aq+2UL6IsZvO1xFxp6lZdc=</HostId>
</Error>

最佳答案

如果您尝试使用像 https://s3-eu-west-1.amazonaws.com/bucket-name/image.jpg 这样的默认亚马逊网址(这似乎是这种情况),这可能是因为默认情况下它们不对外公开。

我想在 Web 应用程序中显示它们之前,您必须将对象设置为“公共(public)”。

您可以在控制台中执行此操作: Make object public in S3

一旦改变,那么在对象属性中,你可以直接访问web url: see here

否则,您将在尝试访问该 URL 时收到“访问被拒绝”错误 as here

希望这对您有所帮助!

编辑:根据评论,我建议您查看“预签名 URL”。 more info .我想这就是您要实现的目标。在授予客户端临时 GET/PUT 访问权限的同时,在 s3 中保持对象私有(private)。编码愉快!

关于c# - S3 存储桶中的访问被拒绝,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49981231/

25 4 0
文章推荐: c - OpenCV 泄漏内存(cvResize、cvCreateImage)
文章推荐: angularjs - 浏览器同步 headless 环境错误
文章推荐: python-3.x - Python-OpenCV cv2 OpenCV错误: Assertion failed
文章推荐: node.js - 本地安装时,“Protractor ”不被识别为内部或外部命令
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com