Azure API管理无效访问令牌

Question

I am trying to generate an access token for my API Management. 我正在尝试为我的API管理生成访问令牌。 I have enabled the Management REST API in the Azure portal and then I tried generating the token using both options- through the portal as well as programmatically. 我已经在Azure门户中启用了Management REST API，然后尝试通过门户以及以编程方式使用这两个选项生成令牌。 Both the options doesn't work and I get error response: 这两个选项均不起作用，并且出现错误响应：

"{\\"error\\":{\\"code\\":\\"InvalidAuthenticationToken\\",\\"message\\":\\"The access token is invalid.\\"}}" “ {\\”错误\\“：{\\”代码\\“：\\” InvalidAuthenticationToken \\“，\\”消息\\“：\\”访问令牌无效。\\“}}”

REST API which I am trying to access: https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/reports//byApi?%24filter=timestamp%20ge%20datetime%272019-08-01T00%3A00%3A00%27%20and%20timestamp%20le%20datetime%272019-08-09T00%3A00%3A00%27&api-version=2019-01-01 我尝试访问的REST API： https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/reports//byApi?%24filter=timestamp%20ge%20datetime%272019-08-01T00%3A00%3A00%27%20and%20timestamp%20le%20datetime%272019-08-09T00%3A00%3A00%27&api-version=2019-01-01 : https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/reports//byApi?%24filter=timestamp%20ge%20datetime%272019-08-01T00%3A00%3A00%27%20and%20timestamp%20le%20datetime%272019-08-09T00%3A00%3A00%27&api-version=2019-01-01 {subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/reports//byApi https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/reports//byApi?%24filter=timestamp%20ge%20datetime%272019-08-01T00%3A00%3A00%27%20and%20timestamp%20le%20datetime%272019-08-09T00%3A00%3A00%27&api-version=2019-01-01

My code: 我的代码：

public string GetAnalytics()
{
    string data = String.Empty;

    using (HttpClient client = new HttpClient())
    {
        client.BaseAddress = new Uri(_url);
        string token = GetToken();
        client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
        data = client.GetAsync(_url).Result.Content.ReadAsStringAsync().Result;
    }

    return data;
}

private string GetToken()
{
    var id = "integration";
    var key = _key;
    var expiry = DateTime.UtcNow.AddDays(10);
    string token = String.Empty;
    using (var encoder = new HMACSHA512(Encoding.UTF8.GetBytes(key)))
    {
        var dataToSign = id + "\n" + expiry.ToString("O", CultureInfo.InvariantCulture);
        var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(dataToSign));
        var signature = Convert.ToBase64String(hash);
        token = string.Format("SharedAccessSignature uid={0}&ex={1:o}&sn={2}", id, expiry, signature);
    }
    return token;
}

References: 参考文献：

https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-authentication https://docs.microsoft.com/zh-cn/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-authentication

https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/reports/listbyapi https://docs.microsoft.com/zh-cn/rest/api/apimanagement/2019-01-01/reports/listbyapi

Any help with this please? 请帮忙吗？

Answer 1

The API which you are using is the Azure API and not Azure APIM API. 您使用的API是Azure API，而不是Azure APIM API。 The Shared Access Signature will work only with the Azure APIM API and not with Azure API. 共享访问签名仅适用于Azure APIM API，不适用于Azure API。 In order for Shared Access Signature to work use the API with base url - https://{servicename}.management.azure-api.net 为了使共享访问签名正常工作，请使用具有基本URL的API- https://{servicename}.management.azure-api.net

For the Azure API to work, use OAuth2 credentials. 为了使Azure API正常工作，请使用OAuth2凭据。 Setup a client as mentioned - https://docs.microsoft.com/en-us/rest/api/azure/#register-your-client-application-with-azure-ad 如前所述设置客户端-https: //docs.microsoft.com/zh-cn/rest/api/azure/#register-your-client-application-with-azure-ad

Answer 2

The URL you used is azure rest api endpoint. 您使用的URL是azure rest api端点。 If you want to call azure rest api, you need to get azure ad access token. 如果要调用天蓝色的REST API，则需要获取天蓝色的广告访问令牌。 However, the token you get is SAS token. 但是，您获得的令牌是SAS令牌。 It just can be used to call azure API management rest api. 它仅可用于调用Azure API管理Rest API。 For more details, please refer to https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/api-management-rest 有关更多详细信息，请参阅https://docs.microsoft.com/zh-cn/rest/api/apimanagement/apimanagementrest/api-management-rest

https://docs.microsoft.com/en-us/rest/api/azure/ https://docs.microsoft.com/zh-cn/rest/api/azure/

Azure API管理无效访问令牌

问题描述

2 个解决方案

解决方案1
0 2019-08-12 04:43:34

解决方案2
0 2019-08-13 10:41:14

Azure API管理无效访问令牌

问题描述

2 个解决方案

解决方案1 0 2019-08-12 04:43:34

解决方案2 0 2019-08-13 10:41:14

解决方案1
0 2019-08-12 04:43:34

解决方案2
0 2019-08-13 10:41:14