2017-07-18 24 views
1

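The code below works when the authentication succeeds. But when I try to use a service principal for authentication, the authentication fails. Unable to get a classic web role using a service principal in Azure.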

Working script:

var context = new AuthenticationContext(azureAdUrl + azureADTenant); 
var credential = new UserPasswordCredential(azureUsername, azurePassword); 
var authParam = new PlatformParameters(PromptBehavior.RefreshSession, null); 
var tokenInfo = context.AcquireTokenAsync("https://management.core.windows.net/", azureADClientId, credential); 

TokenCloudCredentials tokencreds = new TokenCloudCredentials(subscriptionId, tokenInfo.Result.AccessToken); 

ComputeManagementClient computeClient = new ComputeManagementClient(tokencreds); 
string deploymentName = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Name; 
string label = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Label; 

Not working:

AuthenticationFailed: The JWT token does not contain expected audience uri 'https://management.core.windows.net/'.

ClientCredential cc = new ClientCredential(applicationClientID, accessKey); 
var context = new AuthenticationContext("https://login.windows.net/" + AzureTenantId); 
var tokenInfo = context.AcquireTokenAsync("https://management.azure.com/", cc); 

tokenInfo.Wait(); 

if (tokenInfo == null) 
{ 
    throw new InvalidOperationException("Failed to obtain the JWT token"); 
} 

TokenCloudCredentials tokencreds = new TokenCloudCredentials(subscriptionId, tokenInfo.Result.AccessToken); 

ComputeManagementClient computeClient = new ComputeManagementClient(tokencreds); 
string deploymentName = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Name; 

Answers

1

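I don't think it is possible to access classic Azure resources using a Service Principal.

Classic Azure resources are managed via the Service Management API, which does not have any notion of a Service Principal. It only supports tokens when the token is obtained for an Administrator or Co-Administrator.

You will need to use the username/password of an actual user to work with the Service Management API.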

0

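Based on your code, I tested it on my side and could encounter the same issue as you described. Gaurav Mantri has provided a reasonable answer. AFAIK, for classic Azure services (ASM), you could refer to Authenticate using a management certificate and upload a management API certificate.

Here is my code snippet, which you could refer to: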

CertificateCloudCredentials credential = new CertificateCloudCredentials("<subscriptionId>",GetStoreCertificate("<thumbprint>")); 
ComputeManagementClient computeClient = new ComputeManagementClient(credential); 
string deploymentName = computeClient.Deployments.GetBySlot("<serviceName>", DeploymentSlot.Production).Name; 

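The error quoted in the question is an audience mismatch: the token was requested for "https://management.azure.com/" while the error names 'https://management.core.windows.net/' as the expected audience. The following is an added example, not code from the question or either answer, that reads the `aud` claim of an access token so the mismatch can be seen before calling the API. The class and method names are hypothetical, the sample token is constructed and unsigned, and System.Text.Json is assumed to be available.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class JwtAudienceCheck // hypothetical helper, not part of ADAL or the Azure SDK
{
    // JWT segments are base64url without padding; restore the standard alphabet and padding.
    static string DecodeSegment(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Used only to build the constructed sample token in Main.
    static string EncodeSegment(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads the 'aud' claim WITHOUT verifying the signature: a diagnostic aid only,
    // never a substitute for the token validation done by the receiving service.
    public static string GetAudience(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature");
        using JsonDocument doc = JsonDocument.Parse(DecodeSegment(parts[1]));
        if (!doc.RootElement.TryGetProperty("aud", out JsonElement aud) ||
            aud.ValueKind != JsonValueKind.String)
            throw new FormatException("Token has no string 'aud' claim");
        return aud.GetString();
    }

    // Exact comparison: the trailing slash and host both matter.
    public static bool IsIssuedFor(string jwt, string expectedAudience) =>
        string.Equals(GetAudience(jwt), expectedAudience, StringComparison.Ordinal);

    static void Main()
    {
        // Constructed, unsigned sample carrying the resource URI the failing code requested.
        string token = EncodeSegment("{\"alg\":\"none\"}") + "." +
                       EncodeSegment("{\"aud\":\"https://management.azure.com/\"}") + ".sig";
        const string expected = "https://management.core.windows.net/"; // from the error text
        Console.WriteLine("aud = " + GetAudience(token));
        Console.WriteLine("matches expected audience: " + IsIssuedFor(token, expected));
    }
}
```

With a real token, pass `tokenInfo.Result.AccessToken` to `GetAudience` and log only the claim, not the token itself. A matching audience removes this particular error only; the answers above still apply to whether a service principal is accepted at all.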