I have a WebForms app that uses the WindowsAzure.Storage API v3. It works fine in development and in one production environment, but I'm rolling out a new instance and any code that calls out Azure Blob Storage gives me a 403 error.

我有一个使用 WindowsAzure.Storage API v3 的 WebForms 应用程序。它在开发和一个生产环境中运行良好，但我正在推出一个新实例，任何调用 Azure Blob 存储的代码都会出现 403 错误。

I've been fiddling with this for awhile, and it fails on any call out to Blob Storage, so rather than show my code I'll show my stack trace:

我一直在摆弄这个，它在调用 Blob 存储时失败，所以我不显示我的代码，而是显示我的堆栈跟踪：

[WebException: The remote server returned an error: (403) Forbidden.]
   System.Net.HttpWebRequest.GetResponse() +8525404
   Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync(RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) +1541

[StorageException: The remote server returned an error: (403) Forbidden.]
   Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteSync(RESTCommand`1 cmd, IRetryPolicy policy, OperationContext operationContext) +2996
   Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer.CreateIfNotExists(BlobContainerPublicAccessType accessType, BlobRequestOptions requestOptions, OperationContext operationContext) +177
   ObsidianData.Azure.Storage.GetContainer(CloudBlobClient client, Containers targetContainer) in D:\Dev\nSource\Obsidian\Source\ObsidianData\Azure\Storage.vb:84
   ObsidianWeb.Leads.HandleListenLink(String fileName, HyperLink link) in D:\Dev\nSource\Obsidian\Source\ObsidianWeb\Bdc\Leads.aspx.vb:188
   ObsidianWeb.Leads.LoadEntity_ContactDetails(BoLead lead) in D:\Dev\nSource\Obsidian\Source\ObsidianWeb\Bdc\Leads.aspx.vb:147
   ObsidianWeb.Leads.LoadEntity(BoLead Lead) in D:\Dev\nSource\Obsidian\Source\ObsidianWeb\Bdc\Leads.aspx.vb:62
   EntityPages.EntityPage`1.LoadEntity() +91
   EntityPages.EntityPage`1.Page_LoadComplete(Object sender, EventArgs e) +151
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4018

Here's what I've tried...

这是我尝试过的...

• The AzureStorageConnectionString that fails in this environment definitely works in production
• Other connection strings (from the other production environment, which works) also get a 403 here
• There seemed to be an issue with timestamps in some old versions of the REST api (which I am not directly using...) so I made certain the times are correct, even tried switching the server to UTC time.
• Tried toggling the connection string between http/https.
• Upgraded to the latest version of the API (v3.1)
• Tried fiddling with the code to ensure that every call out to Azure Storage gets 403. It does.
• In desperation, Installed Azure Powershell on the server just to verify that some type of communication with Azure is working. And that worked fine.
• Browsed to the azure management portal as well and that works fine.

• 在此环境中失败的 AzureStorageConnectionString 在生产中肯定有效
• 其他连接字符串（来自其他有效的生产环境）也在此处获得 403
• 某些旧版本的 REST api（我没有直接使用......）中的时间戳似乎存在问题，所以我确定时间是正确的，甚至尝试将服务器切换到 UTC 时间。
• 尝试在 http/https 之间切换连接字符串。
• 升级到最新版本的API（v3.1）
• 尝试摆弄代码以确保对 Azure 存储的每次调用都得到 403。确实如此。
• 无奈之下，在服务器上安装了 Azure Powershell，只是为了验证与 Azure 的某种类型的通信是否正常。这工作得很好。
• 也浏览了 azure 管理门户，效果很好。

Any ideas? This should just be using port 80 or 443, right? So there should be no way this is some kind of network issue. Let me know if that's wrong.

有任何想法吗？这应该只是使用端口 80 或 443，对吗？所以应该不可能这是某种网络问题。让我知道这是否是错误的。

• The working production machine is an Azure VM (Server 2008 R2 with IIS 7.5) There are also some differences with the server:
• This new machine is physical hardware (Server 2012 and IIS 8)
• This IS using a different storage account inside my azure subscription, however I've tried a total of 3 connection strings and none of them work here.

• 工作生产机器是 Azure VM（带有 IIS 7.5 的 Server 2008 R2）与服务器也有一些差异：
• 这台新机器是物理硬件（Server 2012 和 IIS 8）
• 这是在我的 azure 订阅中使用不同的存储帐户，但是我总共尝试了 3 个连接字符串，但没有一个在这里工作。

UPDATE:someone asked to see the code. Okay, I wrote a class called Azure.Storage, which just abstracts my cloud storage code. We are failing on a call to Storage.Exists, so here's the part of that class that feels relevant:

更新：有人要求查看代码。好的，我写了一个叫做 Azure.Storage 的类，它只是抽象了我的云存储代码。我们在调用 Storage.Exists 时失败了，所以这是该类中感觉相关的部分：

    Public Shared Function Exists(container As Containers, blobName As String) As Boolean
        Dim Dir As CloudBlobContainer = GetContainer(container)
        Dim Blob As CloudBlockBlob = Dir.GetBlockBlobReference(blobName.ToLower())

        Return Blob.Exists()
    End Function

    Private Shared Function GetContainer(client As CloudBlobClient, targetContainer As Containers)
        Dim Container As CloudBlobContainer = client.GetContainerReference(targetContainer.ToString.ToLower())
        Container.CreateIfNotExists()
        Container.SetPermissions(New BlobContainerPermissions() With {.PublicAccess = BlobContainerPublicAccessType.Blob})

        Return Container
    End Function

    Private Shared Function GetCloudBlobClient() As CloudBlobClient
        Dim Account As CloudStorageAccount = CloudStorageAccount.Parse(Settings.Cloud.AzureStorageConnectionString())

        Return Account.CreateCloudBlobClient()
    End Function

...Containersis just an enum of container names (there are several):

... Containers只是容器名称的枚举（有几个）：

 Public Enum Containers
     CallerWavs
     CampaignImports
     Delve
     Exports
     CampaignImages
     Logos
     ReportLogos
     WebLinkImages
 End Enum

...Yes, they have upper-case characters, which causes problems. Everything is forced to lowercase before it goes out.

...是的，它们有大写字符，这会导致问题。在它消失之前，所有东西都被强制小写。

Also I did verify that the correct AzureConnectionString is coming out of my settings class. Again, I tried a few that work elsewhere. And this one works elsewhere also!

此外，我确实验证了正确的 AzureConnectionString 是否来自我的设置类。再一次，我尝试了一些在其他地方有效的方法。这个也适用于其他地方！