Authenticate publishing clients (Azure Event Grid)

This article provides information on authenticating clients that publish events to Azure Event Grid topics or domains using an access key or a Shared Access Signature (SAS) token. We recommend using a SAS token, but key authentication provides simple programming and is compatible with many existing webhook publishers.

Authenticate using an access key

Access key authentication is the simplest form of authentication. You can pass the access key as an HTTP header or a URL query parameter.

Access key in an HTTP header

Pass the access key as a value for the HTTP header: aeg-sas-key.

aeg-sas-key: XXXXXXXXXXXXXXXXXX0GXXX/nDT4hgdEj9DpBeRr38arnnm5OFg==

Access key as a query parameter

You can also specify aeg-sas-key as a query parameter.

https://<yourtopic>.<region>.eventgrid.azure.cn/eventGrid/api/events?api-version=2018-01-01&aeg-sas-key=XXXXXXXX53249XX8XXXXX0GXXX/nDT4hgdEj9DpBeRr38arnnm5OFg==

For instructions on how to get access keys for a topic or domain, see Get access keys.

Authenticate using a SAS token

SAS tokens for an Event Grid resource include the resource, expiration time, and a signature. The format of the SAS token is: r={resource}&e={expiration}&s={signature}.

The resource is the path for the event grid topic to which you're sending events. For example, a valid resource path is: https://<yourtopic>.<region>.eventgrid.azure.cn/eventGrid/api/events?api-version=2018-01-01. To see all the supported API versions, see Microsoft.EventGrid resource types.

First, programmatically generate a SAS token and then use the aeg-sas-token header or Authorization SharedAccessSignature header to authenticate with Event Grid.

Generate SAS token programmatically

The following example creates a SAS token for use with Event Grid:

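using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Builds a token of the form r={resource}&e={expiration}&s={signature}.
// key is the Base64-encoded access key of the topic or domain.
static string BuildSharedAccessSignature(string resource, DateTime expirationUtc, string key)
{
    const char Resource = 'r';
    const char Expiration = 'e';
    const char Signature = 's';

    // URL-encode both values; the expiration is formatted with the en-US culture.
    string encodedResource = HttpUtility.UrlEncode(resource);
    var culture = CultureInfo.CreateSpecificCulture("en-US");
    var encodedExpirationUtc = HttpUtility.UrlEncode(expirationUtc.ToString(culture));

    // The HMAC-SHA256 signature covers the encoded resource and expiration.
    string unsignedSas = $"{Resource}={encodedResource}&{Expiration}={encodedExpirationUtc}";
    using (var hmac = new HMACSHA256(Convert.FromBase64String(key)))
    {
        string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(unsignedSas)));
        string encodedSignature = HttpUtility.UrlEncode(signature);
        string signedSas = $"{unsignedSas}&{Signature}={encodedSignature}";

        return signedSas;
    }
}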

Using aeg-sas-token header

Here's an example of passing the SAS token as a value for the aeg-sas-token header.

aeg-sas-token: r=https%3a%2f%2fmytopic.eventgrid.azure.cn%2feventGrid%2fapi%2fevent&e=6%2f15%2f2017+6%3a20%3a15+PM&s=XXXXXXXXXXXXX%2fBPjdDLOrc6THPy3tDcGHw1zP4OajQ%3d

Using Authorization header

Here's an example of passing the SAS token as a value for the Authorization header.

Authorization: SharedAccessSignature r=https%3a%2f%2fmytopic.eventgrid.azure.cn%2feventGrid%2fapi%2fevent&e=6%2f15%2f2017+6%3a20%3a15+PM&s=XXXXXXXXXXXXX%2fBPjdDLOrc6THPy3tDcGHw1zP4OajQ%3d
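
The token format above, carried to a non-.NET publisher: this added Python example (not part of the original article or of Microsoft's code) builds a token in the same r/e/s layout and runs a local pre-flight check for tampering, wrong topic, and expiry before the token is put in a header. The function names, status strings, demo key, and the approximation of HttpUtility.UrlEncode are assumptions of this example; it does not describe Event Grid's server-side validation.

```python
import base64, hashlib, hmac, re
from datetime import datetime, timezone
from urllib.parse import quote_plus, unquote_plus

def url_encode(value):
    # Assumption: approximates HttpUtility.UrlEncode ('+' for space, lowercase hex escapes).
    return re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), quote_plus(value, safe="!*()"))

def sign(unsigned_sas, key_b64):
    # HMAC-SHA256 over the encoded "r=...&e=..." text, keyed with the Base64-decoded access key.
    mac = hmac.new(base64.b64decode(key_b64), unsigned_sas.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")

def build_sas_token(resource, expires_utc, key_b64):
    # en-US general date/time pattern, e.g. "6/15/2017 6:20:15 PM".
    d = expires_utc
    stamp = (f"{d.month}/{d.day}/{d.year} {d.hour % 12 or 12}:{d.minute:02}:{d.second:02} "
             f"{'AM' if d.hour < 12 else 'PM'}")
    unsigned = f"r={url_encode(resource)}&e={url_encode(stamp)}"
    return f"{unsigned}&s={url_encode(sign(unsigned, key_b64))}"

def check_sas_token(token, key_b64, expected_resource, now_utc):
    """Return 'ok' or the first reason the token should not be sent."""
    unsigned, sep, encoded_sig = token.rpartition("&s=")
    fields = dict(p.split("=", 1) for p in unsigned.split("&") if "=" in p)
    if not sep or set(fields) != {"r", "e"}:
        return "malformed"
    # Recompute the HMAC over the token text exactly as received; compare in constant time.
    expected_sig = sign(unsigned, key_b64).encode()
    if not hmac.compare_digest(expected_sig, unquote_plus(encoded_sig).encode()):
        return "bad-signature"
    if unquote_plus(fields["r"]) != expected_resource:
        return "wrong-resource"
    try:
        expires = datetime.strptime(unquote_plus(fields["e"]), "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return "malformed"
    return "ok" if expires.replace(tzinfo=timezone.utc) > now_utc else "expired"

# Constructed sample values: placeholder key and topic host, not real credentials.
DEMO_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
DEMO_RESOURCE = "https://mytopic.eventgrid.azure.cn/eventGrid/api/events?api-version=2018-01-01"
DEMO_TOKEN = build_sas_token(
    DEMO_RESOURCE, datetime(2017, 6, 15, 18, 20, 15, tzinfo=timezone.utc), DEMO_KEY)
```

The signature is checked before the resource and expiration fields are interpreted, so unauthenticated field values are never parsed.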

Next steps

See Event delivery authentication to learn about authentication with event handlers to deliver events.