OSS前端直传+后端签名
一、服务端签名后前端直传
public static string accessKeyId = "你的accessKeyId";
public static string accessKeySecret = "你的accessKeySecret";
public static string bucketName = "你的桶名称";
public static string endpoint = "oss-cn-beijing.aliyuncs.com";
public static int expireTime = 30;
public Dictionary<string, string> GetPolicy(string fileName
{
var dir = DateTime.Now.ToString("yyyyMMdd" + "/";
// 构造OssClient实例。 endpoint 格式:https://oss-cn-beijing.aliyuncs.com
var ossClient = new OssClient("https://" + endpoint, accessKeyId, accessKeySecret;
var config = new PolicyConditions(;
config.AddConditionItem(PolicyConditions.CondContentLengthRange, 1, 1024L * 1024 * 1024 * 5;// 文件大小范围:单位byte
config.AddConditionItem(MatchMode.StartWith, PolicyConditions.CondKey, dir;
var expire = DateTimeOffset.Now.AddMinutes(30;// 过期时间
// 生成 Policy,并进行 Base64 编码
var policy = ossClient.GeneratePostPolicy(expire.LocalDateTime, config;
var policyBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(policy;
// 计算签名
var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(accessKeySecret;
var bytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(policyBase64;
var sign = Convert.ToBase64String(bytes;
// 将签名和回调的内容,返回给前端
var host = $"https://{bucketName}.{endpoint}";
var key = $"{dir}{Guid.NewGuid(}/{fileName}";
var fullUrl = $"https://{bucketName}.{endpoint}/{key}";
var rt = new Dictionary<string, string>
{
{ "OSSAccessKeyId",accessKeyId},
{ "Host",host },
{ "key",key},
{ "policy",policyBase64},
{ "Signature",sign},
{ "success_action_status","200"},
{ "fullUrl",fullUrl },
{"expire",expire.ToString( }
};
return rt;
}
前端首先访问后端获取签名,获取签名后使用FromData的形式上传文件
async startUpload( {
// 获取后端签名和上传地址
const res = await axios.get("http://localhost:5152/api/OSS/GetPolicy", {
params: {
name: this.file.name
}
};
var formData = new FormData(;
formData.append("name", this.file.name;
formData.append("OSSAccessKeyId", res.data.OSSAccessKeyId;
formData.append("key", res.data.key;
formData.append("policy", res.data.policy;
formData.append("signature", res.data.Signature;
formData.append("success_action_status", res.data.success_action_status;
formData.append("file", this.file;
axios
.post(res.data.Host, formData, {
headers: {
"Content-Type": "multipart/form-data"
},
withCredentials: false
}
.then(res => {
console.log(res;
};
}
二、服务端STS签名前端分片上传+断点续传
当文件过大时,考虑使用分片上传和断点续传的方式来上传文件到oss,这时我们就不能直接使用accesskeyId和accessKeySecret的方式来在前端上传,以免暴露我们的密钥,当然也不能直接使用第一种的方式进行签名(或许可以,没有找到示例,也没有研究出来),所以我们采用STStoken的方式签名,然后在前端使用阿里云提供的SDK进行文件上传。
首先登录阿里云开通sts账户和权限。
安装 aliyun-net-sdk-core和aliyun-net-sdk-sts sdk
public Dictionary<string, string> GetSTSToken(
{
//此处使用sts账户的id和secret
var AccessKeyID = "***";
var AccessKeySecret = "***";
string bucketName = "***";
// ststoken
IClientProfile profile = DefaultProfile.GetProfile("oss-cn-beijing", AccessKeyID, AccessKeySecret;
DefaultAcsClient client = new DefaultAcsClient(profile;
var request = new AssumeRoleRequest(;
request.RoleArn = "***";
request.RoleSessionName = "xxx";//这里的名字随便写
request.DurationSeconds = 3600;//过期时间
var response = client.GetAcsResponse(request;
var result = new Dictionary<string, string>
{
{"AccessKeyId", response.Credentials.AccessKeyId},
{"AccessKeySecret",response.Credentials.AccessKeySecret },
{"SecurityToken",r