使用临时URL进行授权访问
开发过程中,您有任何问题可以在github上提交issue,或者在华为云对象存储服务论坛中发帖求助。接口参考文档详细介绍了每个接口的参数和使用方法。
OBS客户端支持通过访问密钥、请求方法类型、请求参数等信息生成一个在Query参数中携带鉴权信息的URL,可将该URL提供给其他用户进行临时访问。在生成URL时,您需要指定URL的有效期来限制访客用户的访问时长。
如果您想授予其他用户对桶或对象临时进行其他操作的权限(例如上传或下载对象),则需要生成带对应请求的URL后(例如使用生成PUT请求的URL上传对象),将该URL提供给其他用户。
通过该方式可支持的操作以及相关信息见下表:
操作名 |
HTTP请求方法(OBS .NET SDK对应值) |
子资源(OBS .NET SDK对应值) |
是否需要桶名 |
是否需要对象名 |
---|---|---|---|---|
创建桶 |
HttpVerb.PUT |
N/A |
是 |
否 |
获取桶列表 |
HttpVerb.GET |
N/A |
否 |
否 |
删除桶 |
HttpVerb.DELETE |
N/A |
是 |
否 |
列举桶内对象 |
HttpVerb.GET |
N/A |
是 |
否 |
列举桶内多版本对象 |
HttpVerb.GET |
SubResourceEnum.Versions |
是 |
否 |
列举分段上传任务 |
HttpVerb.GET |
SubResourceEnum.Uploads |
是 |
否 |
获取桶元数据 |
HttpVerb.HEAD |
N/A |
是 |
否 |
获取桶区域位置 |
HttpVerb.GET |
SubResourceEnum.Location |
是 |
否 |
获取桶存量信息 |
HttpVerb.GET |
SubResourceEnum.StorageInfo |
是 |
否 |
设置桶配额 |
HttpVerb.PUT |
SubResourceEnum.Quota |
是 |
否 |
获取桶配额 |
HttpVerb.GET |
SubResourceEnum.Quota |
是 |
否 |
设置桶存储类型 |
HttpVerb.PUT |
SubResourceEnum.StoragePolicy |
是 |
否 |
获取桶存储类型 |
HttpVerb.GET |
SubResourceEnum.StoragePolicy |
是 |
否 |
设置桶访问权限 |
HttpVerb.PUT |
SubResourceEnum.Acl |
是 |
否 |
获取桶访问权限 |
HttpVerb.GET |
SubResourceEnum.Acl |
是 |
否 |
开启/关闭桶日志 |
HttpVerb.PUT |
SubResourceEnum.Logging |
是 |
否 |
查看桶日志 |
HttpVerb.GET |
SubResourceEnum.Logging |
是 |
否 |
设置桶策略 |
HttpVerb.PUT |
SubResourceEnum.Policy |
是 |
否 |
查看桶策略 |
HttpVerb.GET |
SubResourceEnum.Policy |
是 |
否 |
删除桶策略 |
HttpVerb.DELETE |
SubResourceEnum.Policy |
是 |
否 |
设置生命周期规则 |
HttpVerb.PUT |
SubResourceEnum.Lifecycle |
是 |
否 |
查看生命周期规则 |
HttpVerb.GET |
SubResourceEnum.Lifecycle |
是 |
否 |
删除生命周期规则 |
HttpVerb.DELETE |
SubResourceEnum.Lifecycle |
是 |
否 |
设置托管配置 |
HttpVerb.PUT |
SubResourceEnum.Website |
是 |
否 |
查看托管配置 |
HttpVerb.GET |
SubResourceEnum.Website |
是 |
否 |
清除托管配置 |
HttpVerb.DELETE |
SubResourceEnum.Website |
是 |
否 |
设置桶多版本状态 |
HttpVerb.PUT |
SubResourceEnum.Versioning |
是 |
否 |
查看桶多版本状态 |
HttpVerb.GET |
SubResourceEnum.Versioning |
是 |
否 |
设置跨域规则 |
HttpVerb.PUT |
SubResourceEnum.Cors |
是 |
否 |
查看跨域规则 |
HttpVerb.GET |
SubResourceEnum.Cors |
是 |
否 |
删除跨域规则 |
HttpVerb.DELETE |
SubResourceEnum.Cors |
是 |
否 |
设置桶标签 |
HttpVerb.PUT |
SubResourceEnum.Tagging |
是 |
否 |
查看桶标签 |
HttpVerb.GET |
SubResourceEnum.Tagging |
是 |
否 |
删除桶标签 |
HttpVerb.DELETE |
SubResourceEnum.Tagging |
是 |
否 |
上传对象 |
HttpVerb.PUT |
N/A |
是 |
是 |
追加上传 |
HttpVerb.POST |
SubResourceEnum.Append |
是 |
是 |
下载对象 |
HttpVerb.GET |
N/A |
是 |
是 |
复制对象 |
HttpVerb.PUT |
N/A |
是 |
是 |
删除对象 |
HttpVerb.DELETE |
N/A |
是 |
是 |
批量删除对象 |
HttpVerb.POST |
SubResourceEnum.Delete |
是 |
是 |
获取对象属性 |
HttpVerb.HEAD |
N/A |
是 |
是 |
设置对象访问权限 |
HttpVerb.PUT |
SubResourceEnum.Acl |
是 |
是 |
查看对象访问权限 |
HttpVerb.GET |
SubResourceEnum.Acl |
是 |
是 |
初始化分段上传任务 |
HttpVerb.POST |
SubResourceEnum.Uploads |
是 |
是 |
上传段 |
HttpVerb.PUT |
N/A |
是 |
是 |
复制段 |
HttpVerb.PUT |
N/A |
是 |
是 |
列举已上传的段 |
HttpVerb.GET |
N/A |
是 |
是 |
合并段 |
HttpVerb.POST |
N/A |
是 |
是 |
取消分段上传任务 |
HttpVerb.DELETE |
N/A |
是 |
是 |
恢复归档存储对象 |
HttpVerb.POST |
SubResourceEnum.Restore |
是 |
是 |
通过OBS .NET SDK生成临时URL访问OBS的步骤如下:
- 通过ObsClient.CreateTemporarySignature生成带签名信息的URL。
- 使用任意HTTP库发送HTTP/HTTPS请求,访问OBS服务。
以下代码展示了如何使用临时URL进行授权访问,包括:创建桶、上传对象、下载对象、列举对象、删除对象。
创建桶
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // URL有效期,3600秒 long exipreSeconds = 3600; CreateTemporarySignatureRequest request = new CreateTemporarySignatureRequest(); request.BucketName = "bucketname"; request.Method = HttpVerb.PUT; request.Expires = exipreSeconds; CreateTemporarySignatureResponse response = client.CreateTemporarySignature(request); Console.WriteLine("Creating bucket using temporary signature url:"); Console.WriteLine("\t" + response.SignUrl); // 使用PUT请求创建桶 HttpWebRequest webRequest = WebRequest.Create(response.SignUrl) as HttpWebRequest; webRequest.Method = "PUT"; foreach (KeyValuePair<string, string> header in response.ActualSignedRequestHeaders) { if (!header.Key.Equals("host", StringComparison.OrdinalIgnoreCase)) { webRequest.Headers.Add(header.Key, header.Value); } } string location = "your bucket location"; webRequest.SendChunked = true; webRequest.AllowWriteStreamBuffering = false; using (Stream requestStream = webRequest.GetRequestStream()) { byte[] buffer = Encoding.UTF8.GetBytes("<CreateBucketConfiguration><LocationConstraint>" + location + "</LocationConstraint></CreateBucketConfiguration>"); requestStream.Write(buffer, 0, buffer.Length); } HttpWebResponse webResponse = null; try { webResponse = webRequest.GetResponse() as HttpWebResponse; } catch (WebException ex) { webResponse = ex.Response as HttpWebResponse; } Console.WriteLine("Response Status:" + Convert.ToInt32(webResponse.StatusCode)); using (MemoryStream dest = new MemoryStream()) { using (Stream stream = webResponse.GetResponseStream()) { byte[] buffer = new byte[8192]; int bytesRead; while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0) { dest.Write(buffer, 0, bytesRead); } } Console.WriteLine("Response Content:"); Console.WriteLine(Encoding.UTF8.GetString(dest.ToArray())); }
上传对象
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // URL有效期,3600秒 long exipreSeconds = 3600; CreateTemporarySignatureRequest request = new CreateTemporarySignatureRequest(); request.BucketName = "bucketname"; request.ObjectKey = "objectkey"; request.Method = HttpVerb.PUT; request.Expires = exipreSeconds; CreateTemporarySignatureResponse response = client.CreateTemporarySignature(request); Console.WriteLine("Creating object using temporary signature url:"); Console.WriteLine("\t" + response.SignUrl); // 使用PUT请求上传对象 HttpWebRequest webRequest = WebRequest.Create(response.SignUrl) as HttpWebRequest; webRequest.Method = "PUT"; foreach (KeyValuePair<string, string> header in response.ActualSignedRequestHeaders) { if (!header.Key.Equals("host", StringComparison.OrdinalIgnoreCase)) { webRequest.Headers.Add(header.Key, header.Value); } } webRequest.SendChunked = true; webRequest.AllowWriteStreamBuffering = false; using (Stream requestStream = webRequest.GetRequestStream()) { byte[] buffer = Encoding.UTF8.GetBytes("Hello OBS"); requestStream.Write(buffer, 0, buffer.Length); } HttpWebResponse webResponse = null; try { webResponse = webRequest.GetResponse() as HttpWebResponse; } catch (WebException ex) { webResponse = ex.Response as HttpWebResponse; } Console.WriteLine("Response Status:" + Convert.ToInt32(webResponse.StatusCode)); using (MemoryStream dest = new MemoryStream()) { using (Stream stream = webResponse.GetResponseStream()) { byte[] buffer = new byte[8192]; int bytesRead; while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0) { dest.Write(buffer, 0, bytesRead); } } Console.WriteLine("Response Content:"); Console.WriteLine(Encoding.UTF8.GetString(dest.ToArray())); }
下载对象
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // URL有效期,3600秒 long exipreSeconds = 3600; CreateTemporarySignatureRequest request = new CreateTemporarySignatureRequest(); request.BucketName = "bucketname"; request.ObjectKey = "objectkey"; request.Method = HttpVerb.GET; request.Expires = exipreSeconds; CreateTemporarySignatureResponse response = client.CreateTemporarySignature(request); Console.WriteLine("Getting object using temporary signature url:"); Console.WriteLine("\t" + response.SignUrl); // 使用GET请求下载对象 HttpWebRequest webRequest = WebRequest.Create(response.SignUrl) as HttpWebRequest; webRequest.Method = "GET"; foreach (KeyValuePair<string, string> header in response.ActualSignedRequestHeaders) { if (!header.Key.Equals("host", StringComparison.OrdinalIgnoreCase)) { webRequest.Headers.Add(header.Key, header.Value); } } HttpWebResponse webResponse = null; try { webResponse = webRequest.GetResponse() as HttpWebResponse; } catch (WebException ex) { webResponse = ex.Response as HttpWebResponse; } Console.WriteLine("Response Status:" + Convert.ToInt32(webResponse.StatusCode)); using (MemoryStream dest = new MemoryStream()) { using (Stream stream = webResponse.GetResponseStream()) { byte[] buffer = new byte[8192]; int bytesRead; while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0) { dest.Write(buffer, 0, bytesRead); } } Console.WriteLine("Response Content:"); Console.WriteLine(Encoding.UTF8.GetString(dest.ToArray())); }
列举对象
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // URL有效期,3600秒 long exipreSeconds = 3600; CreateTemporarySignatureRequest request = new CreateTemporarySignatureRequest(); request.BucketName = "bucketname"; request.Method = HttpVerb.GET; request.Expires = exipreSeconds; CreateTemporarySignatureResponse response = client.CreateTemporarySignature(request); Console.WriteLine("Getting object list using temporary signature url:"); Console.WriteLine("\t" + response.SignUrl); // 使用GET请求获取对象列表 HttpWebRequest webRequest = WebRequest.Create(response.SignUrl) as HttpWebRequest; webRequest.Method = "GET"; foreach (KeyValuePair<string, string> header in response.ActualSignedRequestHeaders) { if (!header.Key.Equals("host", StringComparison.OrdinalIgnoreCase)) { webRequest.Headers.Add(header.Key, header.Value); } } HttpWebResponse webResponse = null; try { webResponse = webRequest.GetResponse() as HttpWebResponse; } catch (WebException ex) { webResponse = ex.Response as HttpWebResponse; } Console.WriteLine("Response Status:" + Convert.ToInt32(webResponse.StatusCode)); using (MemoryStream dest = new MemoryStream()) { using (Stream stream = webResponse.GetResponseStream()) { byte[] buffer = new byte[8192]; int bytesRead; while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0) { dest.Write(buffer, 0, bytesRead); } } Console.WriteLine("Response Content:"); Console.WriteLine(Encoding.UTF8.GetString(dest.ToArray())); }
删除对象
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // URL有效期,3600秒 long exipreSeconds = 3600; CreateTemporarySignatureRequest request = new CreateTemporarySignatureRequest(); request.BucketName = "bucketname"; request.ObjectKey = "objectkey"; request.Method = HttpVerb.DELETE; request.Expires = exipreSeconds; CreateTemporarySignatureResponse response = client.CreateTemporarySignature(request); Console.WriteLine("Deleting object using temporary signature url:"); Console.WriteLine("\t" + response.SignUrl); // 使用DELETE请求删除对象 HttpWebRequest webRequest = WebRequest.Create(response.SignUrl) as HttpWebRequest; webRequest.Method = "DELETE"; foreach (KeyValuePair<string, string> header in response.ActualSignedRequestHeaders) { if (!header.Key.Equals("host", StringComparison.OrdinalIgnoreCase)) { webRequest.Headers.Add(header.Key, header.Value); } } HttpWebResponse webResponse = null; try { webResponse = webRequest.GetResponse() as HttpWebResponse; } catch (WebException ex) { webResponse = ex.Response as HttpWebResponse; } Console.WriteLine("Response Status:" + Convert.ToInt32(webResponse.StatusCode)); using (MemoryStream dest = new MemoryStream()) { using (Stream stream = webResponse.GetResponseStream()) { byte[] buffer = new byte[8192]; int bytesRead; while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0) { dest.Write(buffer, 0, bytesRead); } } Console.WriteLine("Response Content:"); Console.WriteLine(Encoding.UTF8.GetString(dest.ToArray())); }
初始化分段上传任务
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // URL有效期,3600秒 long exipreSeconds = 3600; CreateTemporarySignatureRequest request = new CreateTemporarySignatureRequest(); request.BucketName = "bucketname"; request.ObjectKey = "objectkey"; request.Method = HttpVerb.POST; request.Expires = exipreSeconds; request.SubResource = SubResourceEnum.Uploads; CreateTemporarySignatureResponse response = client.CreateTemporarySignature(request); Console.WriteLine("Creating mission using temporary signature url:"); Console.WriteLine("\t" + response.SignUrl); // 使用POST请求创建多段任务 HttpWebRequest webRequest = WebRequest.Create(response.SignUrl) as HttpWebRequest; webRequest.Method = "POST"; foreach (KeyValuePair<string, string> header in response.ActualSignedRequestHeaders) { if (!header.Key.Equals("host", StringComparison.OrdinalIgnoreCase)) { webRequest.Headers.Add(header.Key, header.Value); } } HttpWebResponse webResponse = null; try { webResponse = webRequest.GetResponse() as HttpWebResponse; } catch (WebException ex) { webResponse = ex.Response as HttpWebResponse; } Console.WriteLine("Response Status:" + Convert.ToInt32(webResponse.StatusCode)); using (MemoryStream dest = new MemoryStream()) { using (Stream stream = webResponse.GetResponseStream()) { byte[] buffer = new byte[8192]; int bytesRead; while ((bytesRead = stream.Read(buffer, 0, buffer.Length)) > 0) { dest.Write(buffer, 0, bytesRead); } } Console.WriteLine("Response Content:"); Console.WriteLine(Encoding.UTF8.GetString(dest.ToArray())); } |
HttpVerb是OBS .NET SDK定义的枚举类型,代表请求方法类型。