假设您是一个移动App开发者,希望使用阿里云OSS服务来保存App的终端用户数据,并且要保证每个App用户之间的数据隔离。此时,您可以使用STS授权用户直接访问OSS。
使用STS授权用户直接访问OSS的流程如下:
1、关于秘钥等信息的申请见如下链接
切记别忘了设置权限!在添加权限页面,选择AliyunSTSAssumeRoleAccess系统策略
2、配置文件的格式如下
{
"Aliyun": {
"AccessKey": {
"Id": "xxxxxxxxxx",
"Secret": "xxxxxxxxxxxxxxxxxxxx"
},
"Endpoint": "xxxxxxxxxxxxxxxxxxxx",
"BucketName": "xxxxxx",
"UploadRoleArn": "xxxxxxxxxxxxxxxxxxxx"
}
}
3、如何读取配置文件可看下往期文章
4、编写获取临时访问凭证的代码
/// <summary>
/// 获取临时访问凭证
/// </summary>
/// <returns></returns>
[HttpPost, HttpGet, HttpOptions, CorsOptions]
public IActionResult GetTemporaryAccessCredentials()
{
string accessKey = _configuration["Aliyun:AccessKey:Id"];
string secretKey = _configuration["Aliyun:AccessKey:Secret"];
string bucket = _configuration["Aliyun:BucketName"];
string endpoint = _configuration["Aliyun:Endpoint"];
string roleArn = _configuration["Aliyun:UploadRoleArn"];
// 构建一个阿里云客户端,用于发起请求。
// 构建阿里云客户端时需要设置AccessKey ID和AccessKey Secret。
IClientProfile profile = DefaultProfile.GetProfile("cn-hangzhou", accessKey, secretKey);
DefaultAcsClient client = new DefaultAcsClient(profile);
// 构建请求,设置参数。关于参数含义和设置方法,请参见《API参考》。
var request = new AssumeRoleRequest();
request.RoleArn = roleArn;
request.RoleSessionName = "test_role"; // 自定义角色会话名称,用来区分不同的令牌,例如可填写为SessionTest
if(!string.IsNullOrWhiteSpace(accessKey) && !string.IsNullOrWhiteSpace(secretKey) && !string.IsNullOrWhiteSpace(roleArn) && !string.IsNullOrWhiteSpace(endpoint) && !string.IsNullOrWhiteSpace(bucket))
{
// 发起请求,并得到响应。
try
{
var response = client.GetAcsResponse(request);
// 辅助类
STS_Signature STSMod = new STS_Signature();
STSMod.AccessKeyId = response.Credentials.AccessKeyId;
STSMod.AccessKeySecret = response.Credentials.AccessKeySecret;
STSMod.SecurityToken = response.Credentials.SecurityToken;
// Token过期时间;服务器返回UTC时间,这里转换成北京时间显示;
STSMod.Expiration = DateTime.Parse(response.Credentials.Expiration).ToLocalTime();
STSMod.Endpoint = endpoint;
STSMod.BucketName = bucket;
STSMod.Region = "oss-cn-shanghai";
return SuccessResult(STSMod);
}
catch(ServerException e)
{
LogHelper.WriteErrorLog("临时授权失败,错误原因:" + e.Message);
return ErrorResult("临时授权失败,错误原因:" + e.Message, 111150);
}
catch(Aliyun.Acs.Core.Exceptions.ClientException e)
{
LogHelper.WriteErrorLog("临时授权失败,错误原因:" + e.Message);
return ErrorResult("临时授权失败,错误原因:" + e.Message, 111151);
}
catch(Exception ex)
{
LogHelper.WriteErrorLog("临时授权失败,错误原因:" + ex.Message);
return ErrorResult("临时授权失败,错误原因:" + ex.Message, 111152);
}
}
else return ErrorResult("阿里云配置文件读取失败,请联系网站管理员!", 111111);
}
5、返回值辅助类STS_Signature
public class STS_Signature
{
private string _AccessKeyId;
public string AccessKeyId
{
get
{
return _AccessKeyId;
}
set
{
_AccessKeyId = value;
}
}
private string _AccessKeySecret;
public string AccessKeySecret
{
get
{
return _AccessKeySecret;
}
set
{
_AccessKeySecret = value;
}
}
private string _SecurityToken;
public string SecurityToken
{
get
{
return _SecurityToken;
}
set
{
_SecurityToken = value;
}
}
private string _Endpoint;
public string Endpoint
{
get
{
return _Endpoint;
}
set
{
_Endpoint = value;
}
}
private string _BucketName;
public string BucketName
{
get
{
return _BucketName;
}
set
{
_BucketName = value;
}
}
private DateTime _Expiration;
public DateTime Expiration
{
get
{
return _Expiration;
}
set
{
_Expiration = value;
}
}
private string _Region;
public string Region
{
get
{
return _Region;
}
set
{
_Region = value;
}
}
}
6、日志工具类
首先要在NuGet中安装Log4Net
public static class LogHelper
{
private static log4net.ILog log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
public static void WriteInfoLog(string message)
{
try
{
log.Info(message);
}
catch(Exception ex)
{
}
}
public static void WriteErrorLog(string message)
{
try
{
log.Error(message);
}
catch(Exception ex)
{
}
}
}