[英]Azure Datalake operation returned an invalid status code forbidden
I am writing a simple file to Azure Datalake to learn how to use this for other means, but I ma having issues and when I try to write I get the following error message我正在向 Azure Datalake 写入一个简单的文件,以了解如何将其用于其他方式,但我遇到了问题,当我尝试写入时,收到以下错误消息
21/5/2018 9:03:27 AM] Executed 'NWPimFeederFromAws' (Failed, Id=39adba4b-9c27-4078-b560-c25532e8432e)
[21/5/2018 9:03:27 AM] System.Private.CoreLib: Exception while executing function: NWPimFeederFromAws. Microsoft.Azure.Management.DataLake.Store: One or more errors occurred. (Operation returned an invalid status code 'Forbidden'). Microsoft.Azure.Management.DataLake.Store: Operation returned an invalid status code 'Forbidden'.
The code in question is as follows有问题的代码如下
static void WriteToAzureDataLake() {
// 1. Set Synchronization Context
SynchronizationContext.SetSynchronizationContext(new SynchronizationContext());
// 2. Create credentials to authenticate requests as an Active Directory application
var clientCredential = new ClientCredential(clientId, clientSecret);
//var creds = ApplicationTokenProvider.LoginSilentAsync(tenantId, clientCredential).Result;
var creds = ApplicationTokenProvider.LoginSilentAsync(tenantId, clientCredential).Result;
// 2. Initialise Data Lake Store File System Client
adlsFileSystemClient = new DataLakeStoreFileSystemManagementClient(creds);
// 3. Upload a file to the Data Lake Store
var source = "c:\\nwsys\\source.txt";
var destination = "/PIMRAW/destination.txt";
adlsFileSystemClient.FileSystem.UploadFile(adlsAccountName, source, destination, 1, false, true);
// FINISHED
Console.WriteLine("6. Finished!");
}
I have added the application from my Azure AD to the access list on that specific folder I am trying to write to as follows我已将 Azure AD 中的应用程序添加到我尝试写入的特定文件夹的访问列表中,如下所示
The clientID and clientSecret in my code comes from this app so I am a bit lost as to why I get forbidden.我的代码中的 clientID 和 clientSecret 来自这个应用程序,所以我有点不明白为什么我被禁止了。
Have I forgotten anything else?我是不是忘记了什么?
Could it be that the loginAsync has not yet finished before I try and create the client?在我尝试创建客户端之前,可能是 loginAsync 尚未完成吗?
Did you give your application/service principal execute access to the parent folders in the path to the specific folder to which you're app is writing?您是否授予您的应用程序/服务主体执行访问您的应用程序正在写入的特定文件夹的路径中的父文件夹的权限? This is needed to travers the folder path, see here for some examples: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control#common-scenarios-related-to-permissions .
这是遍历文件夹路径所必需的,请参见此处的一些示例: https : //docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control#common-scenarios -相关权限。
Could it be that the loginAsync has not yet finished before I try and create the client?
在我尝试创建客户端之前,可能是 loginAsync 尚未完成吗?
It is not related to loginAsync.它与 loginAsync 无关。 Based on my test, it works correctly on my side if I assign the permissions to the folder.
根据我的测试,如果我为文件夹分配权限,它在我这边可以正常工作。
Test Result:测试结果:
If it is possible, you could create a new Datalake account or new folder and try it again.如果可能,您可以创建一个新的 Datalake 帐户或新文件夹,然后重试。 I recommand that you could use fiddler to capture the detail information about exception.
我建议您可以使用 fiddler 来捕获有关异常的详细信息。
Not an answer, just documenting what I found when faced with a similiar error.不是答案,只是记录我在遇到类似错误时发现的内容。
I added my Azure Data Factory Managed Identity to the contributor role at the account level (and therefore file system) level.我在帐户级别(以及文件系统)级别将我的Azure 数据工厂托管标识添加到参与者角色。
When trying to create blobs from ADF I got a forbidden error尝试从 ADF 创建 blob 时出现禁止错误
So I added it to Storage Blob Data Contributor .所以我将它添加到Storage Blob Data Contributor 。 It didn't work immediately but took about 10 minutes to be recognised.
它没有立即起作用,但需要大约 10 分钟才能被识别。 Then everything worked.
然后一切正常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.