Azure Managed Identity local debug authentication failure
I've got a very basic example that I just can't seem to get working. The user I'm using is a subscription owner so should have access to everything.
If I run the following, when it tries to actually get the blob text, that is when it falls over with:
StorageException: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
    using Microsoft.Azure.Services.AppAuthentication;
    using Microsoft.WindowsAzure.Storage.Auth;
    using Microsoft.WindowsAzure.Storage.Blob;
    using System;
    using System.Threading;
    using System.Threading.Tasks;

    namespace testmsistorageaccess
    {
        class Program
        {
            public static void Main()
            {
                // Outside Azure, the provider falls back to the developer's own credentials.
                AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();

                // Fetch the first token and the interval after which it should be renewed.
                var tokenAndFrequency = TokenRenewerAsync(azureServiceTokenProvider,
                                                          CancellationToken.None).GetAwaiter().GetResult();

                TokenCredential tokenCredential = new TokenCredential(tokenAndFrequency.Token,
                                                                      TokenRenewerAsync,
                                                                      azureServiceTokenProvider,
                                                                      tokenAndFrequency.Frequency.Value);

                StorageCredentials storageCredentials = new StorageCredentials(tokenCredential);
                var storageUri = new Uri("https://mystorageaccount.blob.core.windows.net");
                var client = new CloudBlobClient(storageUri, storageCredentials);
                var container = client.GetContainerReference("bob");

                // This data-plane read is the call that throws the StorageException.
                string content = container.GetBlockBlobReference("bob.xml").DownloadTextAsync().Result;
                Console.WriteLine($"Got {content}");
            }

            private static async Task<NewTokenAndFrequency> TokenRenewerAsync(Object state, CancellationToken cancellationToken)
            {
                // Resource (audience) for which the Azure AD token is requested.
                const string StorageResource = "https://storage.azure.com/";
                var authResult = await ((AzureServiceTokenProvider)state).GetAuthenticationResultAsync(StorageResource);

                // Renew five minutes before expiry; never schedule a negative interval.
                var next = (authResult.ExpiresOn - DateTimeOffset.UtcNow) - TimeSpan.FromMinutes(5);
                if (next.Ticks < 0)
                {
                    next = default(TimeSpan);
                }

                return new NewTokenAndFrequency(authResult.AccessToken, next);
            }
        }
    }
Not sure what I'm doing wrong here. I've checked the user it's trying to use and that appears correct and has the right AD Tenant ID:
I saw mention of checking time on my local machine with UTCNow and confirmed it's correct with GMT time; other than that, I've found nothing else about how to debug this.
Any help appreciated.
Subscription owner != data access. You need to add storage blob contributor or storage blob reader role to the user.
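The split the answer describes, as an added example that is not part of the original thread: a minimal model of how Azure RBAC evaluates control-plane `actions` separately from data-plane `dataActions`, which is why Owner alone cannot read a blob with an Azure AD token. The role definitions are abbreviated, constructed copies of the built-in Owner and Storage Blob Data Reader roles, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Abbreviated, constructed copies of two built-in role definitions. Compare
# with `az role definition list --name "<role name>"` in your own tenant.
ROLES = {
    "Owner": {
        "actions": ["*"], "notActions": [],
        "dataActions": [], "notDataActions": [],
    },
    "Storage Blob Data Reader": {
        "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
        "notActions": [],
        "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
        "notDataActions": [],
    },
}

# Data-plane operation behind a blob download with an Azure AD token.
BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
# Control-plane (ARM) operation, for contrast.
CONTAINER_DELETE = "Microsoft.Storage/storageAccounts/blobServices/containers/delete"


def _matches(patterns, operation):
    # Operation names are compared case-insensitively; "*" is a wildcard.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)


def role_allows(role, operation, data_plane):
    """True if one role definition grants the operation on the given plane."""
    allow, deny = (("dataActions", "notDataActions") if data_plane
                   else ("actions", "notActions"))
    return _matches(role[allow], operation) and not _matches(role[deny], operation)


def is_allowed(assigned_roles, operation, data_plane):
    """Role assignments are additive: one granting role is enough."""
    return any(role_allows(ROLES[name], operation, data_plane)
               for name in assigned_roles)


if __name__ == "__main__":
    for roles in (["Owner"], ["Owner", "Storage Blob Data Reader"]):
        print(roles, "-> blob read allowed:",
              is_allowed(roles, BLOB_READ, data_plane=True))
```

Owner's `*` wildcard sits only in `actions`, so it never matches a data-plane check; the blob read succeeds once a role with a matching `dataActions` entry is assigned at the storage account or container scope.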