假设您是一个移动App开发者,希望使用阿里云OSS服务来保存App的终端用户数据,并且要保证每个App用户之间的数据隔离。此时,您可以使用STS授权用户直接访问OSS。
使用STS授权用户直接访问OSS的流程如下:
1、关于密钥等信息的申请,见如下链接
使用STS临时访问凭证访问OSS
切记别忘了设置权限!在添加权限页面,为用于调用STS的RAM用户选择AliyunSTSAssumeRoleAccess系统策略。该策略只允许该用户调用AssumeRole;临时凭证最终能访问哪些OSS资源,由被扮演角色自身的权限策略决定,应按最小权限配置。
2、配置文件的格式如下(AccessKey Secret是长期凭证,只应保存在服务端,真实值不要提交到代码仓库)
| { "Aliyun": { "AccessKey": { "Id": "xxxxxxxxxx", "Secret": "xxxxxxxxxxxxxxxxxxxx" }, "Endpoint": "xxxxxxxxxxxxxxxxxxxx", "BucketName": "xxxxxx", "UploadRoleArn": "xxxxxxxxxxxxxxxxxxxx" } }
3、如何读取配置文件可看下往期文章
.net core 读取配置文件的几种方式_SunshineGGB的博客-CSDN博客
4、编写获取临时访问凭证的代码。注意:示例没有为AssumeRole请求设置会话策略(Policy),返回的临时凭证拥有角色的全部权限;要做到文首所说的用户间数据隔离,还需要按当前登录用户限定可访问的对象路径。
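/// <summary>
/// Calls Alibaba Cloud STS AssumeRole with the configured long-lived AccessKey and
/// returns the resulting temporary credentials, together with the OSS endpoint,
/// bucket name and region, to the caller.
/// </summary>
/// <returns>
/// <c>SuccessResult</c> wrapping an <see cref="STS_Signature"/> on success;
/// <c>ErrorResult</c> with code 111111 when configuration is incomplete, or
/// 111150 / 111151 / 111152 when the STS call fails.
/// </returns>
/// <remarks>
/// NOTE(review): no authorization attribute is visible on this action. Whoever can reach
/// it receives credentials for the configured role, so confirm that the controller or the
/// pipeline authenticates the caller. The response contains a live secret and is also
/// served over GET; confirm it is never cached by an intermediary.
/// </remarks>
[HttpPost, HttpGet, HttpOptions, CorsOptions]
public IActionResult GetTemporaryAccessCredentials()
{
    // Message returned to the client on failure. Exception text from the SDK can carry
    // request ids, role ARNs or endpoint details, so it is written to the log only.
    const string clientFailureMessage = "临时授权失败";

    string accessKey = _configuration["Aliyun:AccessKey:Id"];
    string secretKey = _configuration["Aliyun:AccessKey:Secret"];
    string bucket = _configuration["Aliyun:BucketName"];
    string endpoint = _configuration["Aliyun:Endpoint"];
    string roleArn = _configuration["Aliyun:UploadRoleArn"];

    // Validate configuration before any SDK object is built from it.
    if (string.IsNullOrWhiteSpace(accessKey)
        || string.IsNullOrWhiteSpace(secretKey)
        || string.IsNullOrWhiteSpace(roleArn)
        || string.IsNullOrWhiteSpace(endpoint)
        || string.IsNullOrWhiteSpace(bucket))
    {
        return ErrorResult("阿里云配置文件读取失败,请联系网站管理员!", 111111);
    }

    try
    {
        // Client construction sits inside the try so a failure here is reported
        // through the same error path as a failed STS call.
        IClientProfile profile = DefaultProfile.GetProfile("cn-hangzhou", accessKey, secretKey);
        DefaultAcsClient client = new DefaultAcsClient(profile);

        // NOTE(review): no session Policy is set, so the token carries every permission
        // the role has. Per-user data isolation needs request.Policy restricted to the
        // authenticated user's object prefix. RoleSessionName is a fixed value, so STS
        // audit records cannot tell callers apart; consider deriving it from the user id.
        var request = new AssumeRoleRequest
        {
            RoleArn = roleArn,
            RoleSessionName = "test_role",
        };

        var response = client.GetAcsResponse(request);
        var credentials = response.Credentials;

        STS_Signature STSMod = new STS_Signature
        {
            AccessKeyId = credentials.AccessKeyId,
            AccessKeySecret = credentials.AccessKeySecret,
            SecurityToken = credentials.SecurityToken,
            Expiration = DateTime.Parse(credentials.Expiration).ToLocalTime(),
            Endpoint = endpoint,
            BucketName = bucket,
            // NOTE(review): hard-coded; must match the region of the configured bucket.
            Region = "oss-cn-shanghai",
        };
        return SuccessResult(STSMod);
    }
    catch (ServerException e)
    {
        LogHelper.WriteErrorLog("临时授权失败,错误原因:" + e.Message);
        return ErrorResult(clientFailureMessage, 111150);
    }
    catch (Aliyun.Acs.Core.Exceptions.ClientException e)
    {
        LogHelper.WriteErrorLog("临时授权失败,错误原因:" + e.Message);
        return ErrorResult(clientFailureMessage, 111151);
    }
    catch (Exception ex)
    {
        LogHelper.WriteErrorLog("临时授权失败,错误原因:" + ex.Message);
        return ErrorResult(clientFailureMessage, 111152);
    }
}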
5、返回值辅助类STS_Signature
/// <summary>
/// Response payload describing one set of temporary OSS credentials and the
/// bucket they are meant to be used against.
/// </summary>
/// <remarks>
/// An instance holds a usable secret and security token until <see cref="Expiration"/>;
/// avoid writing it to logs or persisting it.
/// </remarks>
public class STS_Signature
{
    /// <summary>Temporary AccessKey ID.</summary>
    public string AccessKeyId { get; set; }

    /// <summary>Temporary AccessKey secret paired with <see cref="AccessKeyId"/>.</summary>
    public string AccessKeySecret { get; set; }

    /// <summary>Security token that accompanies the temporary key pair.</summary>
    public string SecurityToken { get; set; }

    /// <summary>OSS endpoint the client should connect to.</summary>
    public string Endpoint { get; set; }

    /// <summary>Name of the OSS bucket.</summary>
    public string BucketName { get; set; }

    /// <summary>Time at which the temporary credentials stop being valid.</summary>
    public DateTime Expiration { get; set; }

    /// <summary>OSS region identifier.</summary>
    public string Region { get; set; }
}
6、日志工具类
首先要在NuGet中安装Log4Net
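/// <summary>
/// Thin best-effort wrapper around a log4net logger: a failure while logging never
/// propagates to the caller.
/// </summary>
/// <remarks>
/// Messages are handed to log4net unchanged. Callers should not pass AccessKey secrets
/// or security tokens, and should be aware that text taken from external sources can
/// contain line breaks.
/// </remarks>
public static class LogHelper
{
    // typeof(LogHelper) names the same logger the reflection lookup resolved to inside
    // this type's static initializer, without the reflection call.
    private static readonly log4net.ILog log = log4net.LogManager.GetLogger(typeof(LogHelper));

    /// <summary>Writes <paramref name="message"/> at Info level.</summary>
    /// <param name="message">Text to log.</param>
    public static void WriteInfoLog(string message)
    {
        try
        {
            log.Info(message);
        }
        catch (Exception ex)
        {
            ReportLoggingFailure(ex);
        }
    }

    /// <summary>Writes <paramref name="message"/> at Error level.</summary>
    /// <param name="message">Text to log.</param>
    public static void WriteErrorLog(string message)
    {
        try
        {
            log.Error(message);
        }
        catch (Exception ex)
        {
            ReportLoggingFailure(ex);
        }
    }

    // Makes a broken logger visible on the trace listeners instead of dropping the
    // failure silently; still never throws, so logging stays best-effort.
    private static void ReportLoggingFailure(Exception failure)
    {
        try
        {
            System.Diagnostics.Trace.TraceError("LogHelper: logging failed: " + failure.GetType().FullName);
        }
        catch (Exception)
        {
            // Nothing left to report to.
        }
    }
}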
以上就是.net core 阿里云接口之获取临时访问凭证的介绍,做此记录,如有帮助,欢迎点赞关注收藏!