[英]Creating resource groups from Azure Web App Managed Service Identity
I'm trying to build a Bot using MS Bot framework and this bot is hosted as an Azure Web App.我正在尝试使用 MS Bot 框架构建一个机器人,并且该机器人作为 Azure Web 应用程序托管。 I've added code to create resource groups using the Microsoft.Azure.Management.Fluent APIs
我添加了使用Microsoft.Azure.Management.Fluent API 创建资源组的代码
AzureCredentialsFactory f = new AzureCredentialsFactory();
var msi = new MSILoginInformation(MSIResourceType.AppService);
var msiCred = f.FromMSI(msi, AzureEnvironment.AzureGlobalCloud);
var azureAuth = Azure.Configure()
.WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
.Authenticate(msiCred);
var azure = azureAuth.WithSubscription(subscription);
var resourceGroup = azure.ResourceGroups.Define(rg)
.WithRegion(Region.EuropeWest)
.Create();
This code is levering the Managed Service Identity of the Web app.此代码利用了 Web 应用程序的托管服务标识。 I've made this web app "Owner" of the Azure subscription.
我已将此 Web 应用程序设为 Azure 订阅的“所有者”。
when i execute this code i keep getting this exception当我执行此代码时,我不断收到此异常
Exception: The access token has been obtained from wrong audience or resource ' https://management.core.windows.net '.
例外:已从错误的受众或资源“ https://management.core.windows.net ”获取访问令牌。 It should exactly match (including forward slash) with one of the allowed audiences ' https://management.core.windows.net/ ',' https://management.azure.com/ '.
它应该完全一致(包括斜杠)与允许观众“的一个https://management.core.windows.net/ ”,“ https://management.azure.com/ ”。
I never set the audience or resource by hand and don't see any option on how to do this.我从不手动设置受众或资源,也没有看到有关如何执行此操作的任何选项。
When i change my code to use a service principal i created myself it works great当我更改代码以使用我自己创建的服务主体时,效果很好
ServicePrincipalLoginInformation loginInfo = new ServicePrincipalLoginInformation()
{
ClientId = _clientId,
ClientSecret = _clientSecret
};
var credentials = new AzureCredentials(loginInfo, _tenantId, AzureEnvironment.AzureGlobalCloud);
var azureAuth = Azure.Configure()
.WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
.Authenticate(credentials);
How to set this audience or resource or what am i doing wrong?如何设置此受众或资源或我做错了什么?
How to set this audience or resource or what am i doing wrong?
如何设置此受众或资源或我做错了什么?
I also can reproduce this issue on my side.我也可以在我这边重现这个问题。 It seems it is the SDK issue.
看来是SDK的问题。 You could report it to the Azure SDK github issue .
您可以将其报告给Azure SDK github 问题。
Update:更新:
According to issue-4090 , it has been fixed in version 1.7, you could test again if it is released.根据issue-4090 ,已经在 1.7 版本修复,如果发布可以再次测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.