【问题标题】:How can I create an Azure Auth Token in a blobTrigger Azure Function?如何在 blobTrigger Azure 函数中创建 Azure 身份验证令牌?
【发布时间】:2021-02-12 04:16:08
【问题描述】:

我正在尝试从 Azure 函数创建新的存储帐户资源。我正在尝试使用 StorageManagementClient,并且需要传入 ServiceClientCredential。

我的代码感觉太简单了……它可以编译,但我觉得我必须遗漏一些参数。我在我的订阅中传递了一个帐户的订阅 ID 和租户 ID。

    AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
    string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/", tenantId);
    ServiceClientCredentials credentials = new TokenCredentials(accessToken);
    StorageManagementClient StorageManagement = new StorageManagementClient(credentials) { SubscriptionId = subscriptionId };

当它运行时,我收到以下错误:

2021-02-12T03:32:26.407 [Error] Executed 'BlobTrigger1' (Failed, Id=9c293b8d-591e-420e-b376-dc9ac45097cc, Duration=343ms)Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. An attempt was made to access a socket in a way forbidden by its access permissions.Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio token provider file not found at "D:\local\LocalAppData\.IdentityService\AzureServiceAuth\tokenprovider.json"Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: https://login.microsoftonline.com/cd256644-73f5-4da4-af5d-4a977f7a6a5d. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command,operable program or batch file.

【问题讨论】:

    标签: azure azure-functions


    【解决方案1】:

    您的代码是正确的。我发现这个issues 和你的很相似。你可以试试这个:

    嗨朋友们,我几乎没有能力编写花哨的解决方法代码(我的 头不在那里),但根据你上面所说的,我回想起 一些旧建议:在 VS 2017 程序顶部的工具栏中 转到:工具、选项、Azure 服务身份验证、帐户 选择,点击微软横幅右侧的下拉箭头 上面有您的帐户名称,单击您的帐户弹出窗口 再一次......很难(真的坚持),这奏效了。我真的觉得 在这里“修复它”可能对很多人来说都很好。不要得到 我错了,你们女孩(男孩)更清楚。男孩,我只是想要它 工作(呸!)谢谢 :)

    如果这不能解决你的问题,你可以试试这个code

            public static async Task Main(string[] args)
            {
                string accessToken = await GetAuthorizationHeader();
                ServiceClientCredentials credentials = new TokenCredentials(accessToken);
                StorageManagementClient StorageManagement = new StorageManagementClient(credentials) { SubscriptionId = subscriptionId };
            }
    
            public static async Task<string> GetAuthorizationHeader()
            {
                ClientCredential cc = new ClientCredential(applicationId, password);
                var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
                var result = await context.AcquireTokenAsync("https://management.azure.com/", cc);
    
                if (result == null)
                {
                    throw new InvalidOperationException("Failed to obtain the JWT token");
                }
    
                string token = result.AccessToken;
    
                return token;
            }
    

    【讨论】:

    【解决方案2】:

    按照有关创建Application Resgistration in Azure AD 的说明,这是我最终开始工作的代码:

    var azureAuthConnectionString = $"RunAs=App;AppId={appId};TenantId={tenantId};AppKey={appKey}";
    AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(azureAuthConnectionString);
    string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/");
    ServiceClientCredentials credentials = new TokenCredentials(accessToken);
    StorageManagementClient StorageManagement = new StorageManagementClient(credentials) { SubscriptionId = subscriptionId };
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2020-01-12
      • 2021-01-26
      • 2021-01-28
      • 2021-12-19
      • 2017-10-24
      • 2016-08-10
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多