[英]Unable to access FileSystem of Azure Data Lake Gen2 with Angular using azure-sdk-for-js
I am developing an application with Angular 8 and trying to connect to Azure Data Lake Gen 2's FileSystem through its REST API in order to be able to retrieve the list of folders as well as do a file import. I am developing an application with Angular 8 and trying to connect to Azure Data Lake Gen 2's FileSystem through its REST API in order to be able to retrieve the list of folders as well as do a file import.
For authentication I use the library msal-angular that allows me to retrieve an ID token via the loginPopup
function and an access token via acquireTokenSilent
function.对于身份验证,我使用库msal-angular ,它允许我通过 loginPopup function 检索ID 令牌,并通过loginPopup
acquireTokenSilent
检索访问令牌。
I am using this scheme as a guide: aad connection flow我使用这个方案作为指导: aad connection flow
The scope: ['user.read','api://<uuid>/user_impersonation']
. scope: ['user.read','api://<uuid>/user_impersonation']
。 api scopes api 瞄准镜
Then I use the storage-datalake library to try to retrieve information from my Data Lake.然后我使用storage-datalake库尝试从我的数据湖中检索信息。 So I use the access token of my user logged to create a DataLakeStorageClient
with TokenCredentials
.因此,我使用登录用户的访问令牌来创建带有DataLakeStorageClient
的TokenCredentials
。 Then I try to recover the list of folders on one of my FileSystems.然后我尝试恢复我的一个文件系统上的文件夹列表。
I'm getting this error: 401 (Server failed to authenticate the request. Please refer to the information in the www-authenticate header.)
.我收到此错误: 401 (Server failed to authenticate the request. Please refer to the information in the www-authenticate header.)
。
Do you have any idea where my problem might come from?你知道我的问题可能来自哪里吗?
My user has the following roles:我的用户具有以下角色:
API permissions: api permissions API 权限: api 权限
When I'm using END-USER authentication without user impersonation (as a service principal) I can access my filesystem...当我在没有用户模拟(作为服务主体)的情况下使用END-USER 身份验证时,我可以访问我的文件系统......
Thank you in advance for your help.预先感谢您的帮助。
The scope is not correct. scope 不正确。 You can not use two kinds of resource in the scope.您不能在 scope 中使用两种资源。 user.read
is for https://graph.microsoft.com
resource. user.read
用于https://graph.microsoft.com
资源。 api://<uuid>/user_impersonation
is for your own resource. api://<uuid>/user_impersonation
用于您自己的资源。
You can try with ['https://datalake.azure.net/.default']
as the scope.您可以尝试使用['https://datalake.azure.net/.default']
作为 scope。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.