如何在 blobTrigger Azure 函数中创建 Azure 身份验证令牌？

Question

我正在尝试从 Azure 函数创建新的存储帐户资源。我正在尝试使用 StorageManagementClient，并且需要传入 ServiceClientCredential。

我的代码感觉太简单了……它可以编译，但我觉得我必须遗漏一些参数。我在我的订阅中传递了一个帐户的订阅 ID 和租户 ID。

    AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
    string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/", tenantId);
    ServiceClientCredentials credentials = new TokenCredentials(accessToken);
    StorageManagementClient StorageManagement = new StorageManagementClient(credentials) { SubscriptionId = subscriptionId };

当它运行时，我收到以下错误：

2021-02-12T03:32:26.407 [Error] Executed 'BlobTrigger1' (Failed, Id=9c293b8d-591e-420e-b376-dc9ac45097cc, Duration=343ms)Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. An attempt was made to access a socket in a way forbidden by its access permissions.Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio token provider file not found at "D:\local\LocalAppData\.IdentityService\AzureServiceAuth\tokenprovider.json"Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command,operable program or batch file.

Answer 1

您的代码是正确的。我发现这个issues 和你的很相似。你可以试试这个：

嗨朋友们，我几乎没有能力编写花哨的解决方法代码（我的 头不在那里），但根据你上面所说的，我回想起 一些旧建议：在 VS 2017 程序顶部的工具栏中 转到：工具、选项、Azure 服务身份验证、帐户 选择，点击微软横幅右侧的下拉箭头 上面有您的帐户名称，单击您的帐户弹出窗口 再一次......很难（真的坚持），这奏效了。我真的觉得 在这里“修复它”可能对很多人来说都很好。不要得到 我错了，你们女孩（男孩）更清楚。男孩，我只是想要它 工作（呸！）谢谢 :)

如果这不能解决你的问题，你可以试试这个code：

        public static async Task Main(string[] args)
        {
            string accessToken = await GetAuthorizationHeader();
            ServiceClientCredentials credentials = new TokenCredentials(accessToken);
            StorageManagementClient StorageManagement = new StorageManagementClient(credentials) { SubscriptionId = subscriptionId };
        }

        public static async Task<string> GetAuthorizationHeader()
        {
            ClientCredential cc = new ClientCredential(applicationId, password);
            var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
            var result = await context.AcquireTokenAsync("https://management.azure.com/", cc);

            if (result == null)
            {
                throw new InvalidOperationException("Failed to obtain the JWT token");
            }

            string token = result.AccessToken;

            return token;
        }

Answer 2

按照有关创建Application Resgistration in Azure AD 的说明，这是我最终开始工作的代码：

var azureAuthConnectionString = $"RunAs=App;AppId={appId};TenantId={tenantId};AppKey={appKey}";
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(azureAuthConnectionString);
string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/");
ServiceClientCredentials credentials = new TokenCredentials(accessToken);
StorageManagementClient StorageManagement = new StorageManagementClient(credentials) { SubscriptionId = subscriptionId };