
azure - Blob Storage 403 Unauthorized

Reposted. Author: 行者123. Updated: 2023-12-02 06:09:57

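We have multiple backend APIs hosted on Azure Web Apps under the same plan. All the APIs have the same outbound IP, and all of them have access restrictions enabled, so they can only be accessed from within the API gateway. We have a blob storage account on which we have also enabled restrictions (Networking → Enabled from selected virtual networks and IP addresses → Firewall, where we added all the API IPs). Now, when an API tries to fetch some images from the blob, it throws the following error: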

Azure.RequestFailedException: This request is not authorized to perform this operation.
RequestId:0bc5827d-c01e-0030-382f-929e61000000
Status: 403 (This request is not authorized to perform this operation.)
ErrorCode: AuthorizationFailure
Content:
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
RequestId:0bc5827d-c01e-0030-382f-929e61000000
Time:2023-05-29T13:11:56.0013545Z</Message></Error

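Note that neither the APIs nor the blob storage use a vNet, and both are in the same resource group and use the same identity. But when we remove the network restrictions on the storage account, it works fine.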

Best answer

I tried the same in my environment and got the same error, as shown below:

HTTP/1.1 403 This request is not authorized to perform this operation.
content-length: 246
content-type: application/xml
date: Wed, 31 May 2023 12:19:02 GMT
request-context: appId=cid-v1:fd69b195-73bf-4983-8e10-20874ab6fd70
vary: Origin
x-ms-error-code: AuthorizationFailure
x-ms-request-id: 0482fe63-001e-0005-0cba-93338e000000

![enter image description here](https://i.imgur.com/K48CoeH.png)

Added the App Service access restrictions for IP addresses or virtual networks, as shown below:


Add the IP addresses in the storage account firewall, as shown below:


Make sure that, under Exceptions, "Allow Azure services on the trusted services list to access this storage account" is enabled.

Enable managed identity in APIM. Assign the Storage Blob Data Contributor role to the Azure APIM service principal on the storage container.


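Now, with the access restrictions in the App Service allowing only the required IPs, and the same for the storage account, the request executed successfully, as shown below: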

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 534283
content-md5: Fq04hjyWtblQ0ljt0ObAeQ==
content-type: image/png
date: Wed, 31 May 2023 12:56:56 GMT
etag: "0x8DB61A69A90XXX"
last-modified: Wed, 31 May 2023 07:13:58 GMT
request-context: appId=cid-v1:fd69b195-73bf-4983-8e10-20874ab6fd70
vary: Origin
x-ms-blob-type: BlockBlob
x-ms-creation-time: Wed, 31 May 2023 07:13:58 GMT
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 8c7194fc-601e-0061-04bf-XXXXXXX
x-ms-server-encrypted: true
x-ms-version: 2017-11-09


Reference:

Secure Azure Blob Storage with Azure API Management & Managed Identities, by Marcus Tee (Marcus Tee Anytime, Medium)
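
The firewall-side steps of the answer above (default deny, caller IPs in the firewall, trusted-services exception) can be checked offline against the storage account's `properties.networkAcls` object. This is an added example, not code from the original post; the function name `audit_storage_firewall` and the sample IPs (documentation ranges) are constructed for illustration.

```python
import ipaddress


def audit_storage_firewall(network_acls, caller_ips):
    """Check a storage account's networkAcls against the answer's checklist.

    network_acls: the `properties.networkAcls` object of the storage account.
    caller_ips:   outbound IPs of the APIs that must reach the blob endpoint.
    Returns a list of findings; an empty list means the checklist passes.
    """
    findings = []
    if network_acls.get("defaultAction", "Allow") != "Deny":
        findings.append("defaultAction is not Deny: the firewall restricts nothing")

    # bypass is a comma-separated string such as "Logging, Metrics, AzureServices"
    bypass = {b.strip() for b in network_acls.get("bypass", "None").split(",")}
    if "AzureServices" not in bypass:
        findings.append("trusted Azure services exception is disabled")

    # Each ipRules entry holds a single address or a CIDR range in "value"
    allowed = [ipaddress.ip_network(rule["value"], strict=False)
               for rule in network_acls.get("ipRules", [])
               if rule.get("action", "Allow") == "Allow"]
    for ip in caller_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in allowed):
            findings.append(f"caller IP {ip} is not covered by any ipRules entry")
    return findings


# Constructed sample: documentation-range IPs, not values from the page.
SAMPLE_ACLS = {
    "defaultAction": "Deny",
    "bypass": "Logging, Metrics",
    "ipRules": [
        {"value": "203.0.113.10", "action": "Allow"},
        {"value": "198.51.100.0/28", "action": "Allow"},
    ],
    "virtualNetworkRules": [],
}
SAMPLE_CALLER_IPS = ["203.0.113.10", "198.51.100.7", "198.51.100.40"]

if __name__ == "__main__":
    for finding in audit_storage_firewall(SAMPLE_ACLS, SAMPLE_CALLER_IPS):
        print("FINDING:", finding)
```

A clean result covers only the firewall side; the Storage Blob Data Contributor role assignment has to be verified separately. Azure's documentation also states that IP network rules have no effect on requests originating from the same region as the storage account, so a matching `ipRules` entry does not by itself guarantee access for a same-region caller.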

Regarding azure - Blob Storage 403 Unauthorized, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/76370411/
