问题描述

我有一个使用WindowsAzure.Storage API v3上的WebForms应用程序。它的工作原理在开发和生产于一体的环境很好，但我推出一个新的实例和任何code调用出来的Azure Blob存储给了我一个403错误。

I have a WebForms app that uses the WindowsAzure.Storage API v3. It works fine in development and in one production environment, but I'm rolling out a new instance and any code that calls out Azure Blob Storage gives me a 403 error.

我一直在摆弄这个一段时间，它失败在任何调用到Blob存储，因此而不是显示我的code我会告诉我的堆栈跟踪：

I've been fiddling with this for awhile, and it fails on any call out to Blob Storage, so rather than show my code I'll show my stack trace:

[WebException: The remote server returned an error: (403) Forbidden.]
   System.Net.HttpWebRequest.GetResponse() +8525404
   Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync(RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) +1541

[StorageException: The remote server returned an error: (403) Forbidden.]
   Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync(RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) +2996
   Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext) +177
   ObsidianData.Azure.Storage.GetContainer(CloudBlobClient client, Containers targetContainer) in D:\Dev\nSource\Obsidian\Source\ObsidianData\Azure\Storage.vb:84
   ObsidianWeb.Leads.HandleListenLink(String fileName, HyperLink link) in D:\Dev\nSource\Obsidian\Source\ObsidianWeb\Bdc\Leads.aspx.vb:188
   ObsidianWeb.Leads.LoadEntity_ContactDetails(BoLead lead) in D:\Dev\nSource\Obsidian\Source\ObsidianWeb\Bdc\Leads.aspx.vb:147
   ObsidianWeb.Leads.LoadEntity(BoLead Lead) in D:\Dev\nSource\Obsidian\Source\ObsidianWeb\Bdc\Leads.aspx.vb:62
   EntityPages.EntityPage`1.LoadEntity() +91
   EntityPages.EntityPage`1.Page_LoadComplete(Object sender, EventArgs e) +151
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4018

下面是我已经试过...

Here's what I've tried...

• 在这种环境绝对失败的作品AzureStorageConnectionString生产


• 其他连接字符串（从其他生产环境中，其工作方式）也获得了403此处


• 似乎有在一些老版本的REST API的时间戳的问题（这我并没有直接使用...），所以我做出了一定的时间正确的，甚至试图切换服务器UTC时间。


• 试图切换HTTP / HTTPS之间的连接字符串。


• 升级到API的最新版本（V3.1）


• 试图与code摆弄，以确保每叫出Azure存储得到403它。


• 在绝望中，已安装的Azure PowerShell中的服务器上，只是为了验证某种类型与天青沟通工作。这工作得很好。


• 浏览到的Azure管理门户，以及与工作正常。

任何想法？这应该只是使用端口80或443，对不对？所以应该没办法这是某种形式的网络问题。让我知道这是错误的。

Any ideas? This should just be using port 80 or 443, right? So there should be no way this is some kind of network issue. Let me know if that's wrong.

• 工作生产机是Azure的VM（Server 2008 R2中与IIS 7.5）
  也有与服务器一些差异：


• 这台新机器是物理硬件（服务器2012和IIS 8）


• 这是用我的Azure订阅内不同的存储帐户，但是我已经试过共有3个连接字符串，其中没有一个在这里工作。

更新：有人求见code。好吧，我写了一个叫Azure.Storage类，它只是我的抽象云存储code。我们没有到Storage.Exists通话，所以这里的，感觉有关该类的一部分：

UPDATE: someone asked to see the code. Okay, I wrote a class called Azure.Storage, which just abstracts my cloud storage code. We are failing on a call to Storage.Exists, so here's the part of that class that feels relevant:

    Public Shared Function Exists(container As Containers, blobName As String) As Boolean
        Dim Dir As CloudBlobContainer = GetContainer(container)
        Dim Blob As CloudBlockBlob = Dir.GetBlockBlobReference(blobName.ToLower())

        Return Blob.Exists()
    End Function

    Private Shared Function GetContainer(client As CloudBlobClient, targetContainer As Containers)
        Dim Container As CloudBlobContainer = client.GetContainerReference(targetContainer.ToString.ToLower())
        Container.CreateIfNotExists()
        Container.SetPermissions(New BlobContainerPermissions() With {.PublicAccess = BlobContainerPublicAccessType.Blob})

        Return Container
    End Function

    Private Shared Function GetCloudBlobClient() As CloudBlobClient
        Dim Account As CloudStorageAccount = CloudStorageAccount.Parse(Settings.Cloud.AzureStorageConnectionString())

        Return Account.CreateCloudBlobClient()
    End Function

... 容器只是容器名称的枚举（有几个）：

...Containers is just an enum of container names (there are several):

 Public Enum Containers
     CallerWavs
     CampaignImports
     Delve
     Exports
     CampaignImages
     Logos
     ReportLogos
     WebLinkImages
 End Enum

...是的，他们有大写字符，这会导致问题。一切都被强制为小写字母就熄灭了。

...Yes, they have upper-case characters, which causes problems. Everything is forced to lowercase before it goes out.

我也做验证正确AzureConnectionString是走出我的设置类。再次，我尝试了一些工作，这在其他地方。而这一次在其他地方工作也！

Also I did verify that the correct AzureConnectionString is coming out of my settings class. Again, I tried a few that work elsewhere. And this one works elsewhere also!

推荐答案

请检查时钟有问题的服务器上。除了不正确的账号密码，你也可以得到403错误，如果在服务器上的时间不同步与存储服务器的时间（允许给予或采取+/-15分钟偏差）。

Please check the clock on the servers in question. Apart from the incorrect account key, you can also get 403 error if the time on the server is not in sync with the time on storage servers (Give or take +/- 15 minutes deviation is allowed).

这篇关于403错误从WindowsAzure.Storage生产的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！