Azure数据库管理权限
[英]Permissions for Azure database management
问题描述
I'm working on a small application to connect to Microsoft Azure, list all databases belonging to a certain resource group, and export all said databases. 
我正在开发一个小型应用程序,以连接到Microsoft Azure,列出属于某个资源组的所有数据库,并导出所有所述数据库。 I'm using the Microsoft.WindowsAzure.Management.Sql library for this. 我为此使用Microsoft.WindowsAzure.Management.Sql库。
Following this guide , I've managed to set up an app registration in AD for my application and assign it the Owner role (for testing), authenticate with Azure and get an access token. 遵循本指南 ,我设法在AD中为我的应用程序设置了应用程序注册,并为其分配了Owner角色(用于测试),向Azure进行身份验证并获得了访问令牌。
However, when I try to use that token to perform any operations on the database (such as listing all databases, using IServerOperations.List ), I get the following exception: 但是,当我尝试使用该令牌对数据库执行任何操作(例如,使用IServerOperations.List列出所有数据库)时,出现以下异常:
ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
The tenant ID, subscription ID, client ID and client secret are all correct, and changing any of them results in a different exception, already at the authentication stage. 租户ID,订阅ID,客户ID和客户机密都是正确的,更改它们中的任何一个都会导致不同的异常,这已经在身份验证阶段。
How can I fix this? 我怎样才能解决这个问题? If the correct answer is "switch to Microsoft.Azure.Management.Sql " I'm perfectly fine with that, but if possible I'd at least like to understand why this is happening. 如果正确的答案是“切换到Microsoft.Azure.Management.Sql ”,那么我很好,但是如果可能的话,我至少想了解为什么会这样。
1 个解决方案
解决方案1
1 已采纳 2018-07-17 08:10:50
HIf the correct answer is "switch to Microsoft.Azure.Management.Sql" I'm perfectly fine with that, but if possible I'd at least like to understand why this is happening.
Microsoft.WindowsAzure.Management.Sql implements the ASM API(Azure old API). Microsoft.WindowsAzure.Management.Sql实现ASM API(Azure旧API)。
The reason you're getting this error is because you're trying to authenticate/authorize an Azure Resource Manager (ASM) API with application permission. 出现此错误的原因是,您试图使用应用程序权限对Azure资源管理器(ASM)API进行身份验证/授权。 But Service Management API is a delegated permission and not an application permission. 但是Service Management API是委派权限,而不是应用程序权限。
For more detail information about how to authenticate for ASM and ARM Rest API, please refer to another SO thread . 有关如何对ASM和ARM Rest API进行身份验证的更多详细信息,请参考另一个SO线程 。
How can I fix this?
Microsoft.Azure.Management.Sql implements the ARM API. Microsoft.Azure.Management.Sql实现ARM API。 As you mentioned that you could use the Microsoft.Azure.Management.Sql to instand of Microsoft.WindowsAzure.Management.Sql 如前所述,您可以使用Microsoft.Azure.Management.Sql来理解Microsoft.WindowsAzure.Management.Sql
or you could use X509 Certificate based authorization to authorize your ASM API requests. 或者您可以使用基于X509证书的授权来授权您的ASM API请求。 For more information about how to authenticate using a management certificate, you could refer to this tutorial . 有关如何使用管理证书进行身份验证的更多信息,请参考本教程 。
Note : It is recommanded that to use Microsoft.Azure.Management.Sql to instead of Microsoft.WindowsAzure.Management.Sql 注意 :建议使用Microsoft.Azure.Management.Sql代替Microsoft.WindowsAzure.Management.Sql
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.