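Asked by: 小点点

CloudFront returns 403 from different locations


I have an S3 bucket hosting objects that my users can download through my application. I use CloudFront's CDN with signed URLs. In the US everything works as expected, but when my users in another country (India) try to download the same objects, they get an error saying: The remote server returned an error: (403) Forbidden.

My origin domain name and path configured in CloudFront are in the format xyz-final-bucket.s3.us-west-2.amazonaws.com

Here is the code that generates the signed URL for CloudFront: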

    Imports System.Security.Cryptography
    Imports System.Text
    Imports System.Xml

    ' GetDuration, CreatePolicyStatement, CopyExpirationTimeFromPolicy, ToUrlSafeBase64String
    ' and RsaKeyConverterHelper are helpers defined elsewhere (not shown in this post).
    Public Shared Function CreateCannedSignedURL(ByVal urlString As String, ByVal durationUnits As String, ByVal durationNumber As String, ByVal CannedPolicy As String, ByVal privateKey As String, ByVal privateKeyId As String) As String
        ' Build the canned policy for the requested validity window.
        Dim timeSpanInterval As TimeSpan = GetDuration(durationUnits, durationNumber)
        Dim strPolicy As String = CreatePolicyStatement(CannedPolicy, urlString, DateTime.Now, DateTime.Now.Add(timeSpanInterval), "0.0.0.0/0")
        If "Error!" = strPolicy Then Return "Invalid time frame.  Start time cannot be greater than end time."
        ' The Expires query parameter must carry the same epoch value as the policy.
        Dim strExpiration As String = CopyExpirationTimeFromPolicy(strPolicy)
        Dim bufferPolicy As Byte() = Encoding.ASCII.GetBytes(strPolicy)

        Using cryptoSHA1 As SHA1CryptoServiceProvider = New SHA1CryptoServiceProvider()
            ' Hash the policy; the RSA signature is computed over this SHA-1 digest.
            bufferPolicy = cryptoSHA1.ComputeHash(bufferPolicy)

            ' Load the PEM private key by converting it to the XML form that
            ' RSACryptoServiceProvider accepts.
            Dim pemText As String = privateKey
            Dim xmlContent = RsaKeyConverterHelper.PemToXml(pemText)
            Dim xmlPrivateKey As XmlDocument = New XmlDocument()
            xmlPrivateKey.LoadXml(xmlContent)

            Using providerRSA As RSACryptoServiceProvider = New RSACryptoServiceProvider()
                providerRSA.FromXmlString(xmlPrivateKey.InnerXml)

                ' Sign the digest with RSA PKCS#1 v1.5.
                Dim rsaFormatter As RSAPKCS1SignatureFormatter = New RSAPKCS1SignatureFormatter(providerRSA)
                rsaFormatter.SetHashAlgorithm("SHA1")
                Dim signedPolicyHash As Byte() = rsaFormatter.CreateSignature(bufferPolicy)

                ' Encode the signature in URL-safe base64 and append the signing parameters.
                Dim strSignedPolicy As String = ToUrlSafeBase64String(signedPolicyHash)
                Dim downloadLink As String = urlString & "?Expires=" & strExpiration & "&Signature=" & strSignedPolicy & "&Key-Pair-Id=" & privateKeyId
                Return downloadLink
            End Using
        End Using
    End Function

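All the objects in my bucket are stored in One Zone-IA. I'm not sure whether that is the cause, because I have also tried changing it to Standard.

Do I need any changes in my configuration to be able to download from all geographic locations?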
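
An offline structural check for a canned-policy signed URL of the shape the function above returns, added here as an example and not part of the original question. It reports missing or malformed signing parameters and rebuilds the canned policy the URL implies; all function names are assumptions of this example, and it does not verify the RSA signature.

```python
import base64
import binascii
import json
from urllib.parse import urlsplit, urlunsplit

SIGNING_PARAMS = ("Expires", "Signature", "Key-Pair-Id")
TO_URL_SAFE = str.maketrans("+=/", "-_~")    # CloudFront's base64 substitutions
FROM_URL_SAFE = str.maketrans("-_~", "+=/")

def encode_cloudfront_b64(raw):
    return base64.b64encode(raw).decode("ascii").translate(TO_URL_SAFE)

def canned_policy(resource_url, expires_epoch):
    # A canned policy is compact JSON (no whitespace) with only a DateLessThan condition.
    condition = {"DateLessThan": {"AWS:EpochTime": expires_epoch}}
    statement = {"Resource": resource_url, "Condition": condition}
    return json.dumps({"Statement": [statement]}, separators=(",", ":"))

def inspect_signed_url(url, now_epoch):
    """Return findings, the implied canned policy and the decoded signature length."""
    parts = urlsplit(url)
    # Split the raw query by hand so '+' and '%' in the signature are not decoded away.
    pairs = [p.partition("=")[::2] for p in parts.query.split("&") if p]
    params = dict(pairs)
    findings = ["missing " + n for n in SIGNING_PARAMS if not params.get(n)]
    policy, sig_len = None, None

    expires = params.get("Expires", "")
    if expires.isascii() and expires.isdigit():
        if int(expires) <= now_epoch:
            findings.append("Expires is in the past")
        # The signed resource is the URL without the three signing parameters.
        rest = "&".join(k + "=" + v for k, v in pairs if k not in SIGNING_PARAMS)
        resource = urlunsplit((parts.scheme, parts.netloc, parts.path, rest, ""))
        policy = canned_policy(resource, int(expires))
    elif expires:
        findings.append("Expires is not an integer epoch time")

    sig = params.get("Signature", "")
    if set(sig) & set("+/="):
        findings.append("Signature is not URL-safe")
    elif sig:
        try:
            sig_len = len(base64.b64decode(sig.translate(FROM_URL_SAFE), validate=True))
        except binascii.Error:
            findings.append("Signature is not valid base64")
    return {"findings": findings, "policy": policy, "signature_bytes": sig_len}
```

Pass `now_epoch` as UTC epoch seconds, for example `int(time.time())`, so the expiry comparison does not depend on the local time zone of the machine running the check.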


1 answer

Anonymous user