2017-07-18

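The following code works when the authentication is valid. But when I try to use a service principal for authentication, authentication fails. Unable to get a classic web role using a service principal in Azure.

Working script: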

var context = new AuthenticationContext(azureAdUrl + azureADTenant); 
var credential = new UserPasswordCredential(azureUsername, azurePassword); 
var authParam = new PlatformParameters(PromptBehavior.RefreshSession, null); 
var tokenInfo = context.AcquireTokenAsync("https://management.core.windows.net/", azureADClientId, credential); 

TokenCloudCredentials tokencreds = new TokenCloudCredentials(subscriptionId, tokenInfo.Result.AccessToken); 

ComputeManagementClient computeClient = new ComputeManagementClient(tokencreds); 
string deploymentName = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Name; 
string label = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Label; 

Not working:

AuthenticationFailed: The JWT token does not contain expected audience uri 'https://management.core.windows.net/'.

ClientCredential cc = new ClientCredential(applicationClientID, accessKey); 
var context = new AuthenticationContext("https://login.windows.net/" + AzureTenantId); 
var tokenInfo = context.AcquireTokenAsync("https://management.azure.com/", cc); 

tokenInfo.Wait(); 

if (tokenInfo == null) 
{ 
    throw new InvalidOperationException("Failed to obtain the JWT token"); 
} 

TokenCloudCredentials tokencreds = new TokenCloudCredentials(subscriptionId, tokenInfo.Result.AccessToken); 

ComputeManagementClient computeClient = new ComputeManagementClient(tokencreds); 
string deploymentName = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Name; 

Answers

1

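I don't think it is possible to access classic Azure resources using a Service Principal.

Classic Azure resources are managed via the Service Management API, which does not have any notion of a Service Principal. It only supports tokens when the token is obtained for an Administrator or Co-Administrator.

You would need to use the username/password of an actual user to work with the Service Management API.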

0

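Based on your code, I tested it on my side and could encounter the same issue you described. Gaurav Mantri has provided a reasonable answer. AFAIK, for classic Azure services (ASM), you could refer to "Authenticate using a management certificate" and upload a management API certificate.

Here is my code snippet, you could refer to it: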

CertificateCloudCredentials credential = new CertificateCloudCredentials("<subscriptionId>",GetStoreCertificate("<thumbprint>")); 
ComputeManagementClient computeClient = new ComputeManagementClient(credential); 
string deploymentName = computeClient.Deployments.GetBySlot("<serviceName>", DeploymentSlot.Production).Name; 

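The error in the question is about the token's `aud` claim, so a quick diagnostic is to decode the access token's payload and compare `aud` with the URI the API expects before calling it. The following is an added example, not code from the posts above: the class and method names are hypothetical, the sample token is constructed and unsigned, and no signature validation is performed.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenAudience
{
    // Decode the payload segment of a JWT without verifying it (diagnostic use only).
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        // base64url -> base64, then restore the stripped padding
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // "aud" may be a single string or an array of strings (RFC 7519).
    // The comparison is exact, so a missing trailing slash counts as a mismatch.
    public static bool HasAudience(string jwt, string expected)
    {
        if (!DecodePayload(jwt).TryGetProperty("aud", out JsonElement aud)) return false;
        if (aud.ValueKind == JsonValueKind.Array)
            return aud.EnumerateArray()
                      .Any(a => a.ValueKind == JsonValueKind.String && a.GetString() == expected);
        return aud.ValueKind == JsonValueKind.String && aud.GetString() == expected;
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample: a token whose audience is the resource URI
        // requested in the failing snippet of the question.
        string jwt = B64Url("{\"alg\":\"none\"}") + "."
                   + B64Url("{\"aud\":\"https://management.azure.com/\"}") + ".";

        foreach (string expected in new[] { "https://management.core.windows.net/",
                                            "https://management.azure.com/" })
            Console.WriteLine($"{expected} -> {HasAudience(jwt, expected)}");
    }
}
```

In real code the string passed to `HasAudience` would be `tokenInfo.Result.AccessToken`, checked before it is handed to `TokenCloudCredentials`.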