Azure 数据工厂:从 MI 存储 V1 获取 MI 令牌失败。 错误代码 2403
[英]Azure Data Factory : Acquire MI token from MI store V1 failed. Error code 2403
问题描述
I got error below from Azure Data Factory while i try to make changes on Azure Blob Storage:
当我尝试对 Azure Blob 存储进行更改时,我从 Azure 数据工厂收到以下错误:
Get access token from MSI failed for Datafactory. Please verify resource url is valid and retry. Details: Accquire MI token from MI store V1 failed.
Failure type: User configuration issue
Error Code: 2403
My resource url is: https://management.azure.com/subscriptions/$subsId/resourceGroups/$rgname/providers/Microsoft.DataFactory/factories/$adfName?api-version=2018-06-01我的资源网址是: https : //management.azure.com/subscriptions/$subsId/resourceGroups/$rgname/providers/Microsoft.DataFactory/factories/$adfName? api-version =2018-06-01
I am using Web Activity in ADF to access Blob Storage using managed identity which is create during creation of the ADF instance.我在 ADF 中使用 Web Activity 使用在创建 ADF 实例期间创建的托管标识访问 Blob 存储。
When i use SAS token to access to Blob Storage, it works fine.当我使用 SAS 令牌访问 Blob 存储时,它工作正常。
I check the error code 2403 from web but i couldn't find anything.我从网上检查了错误代码 2403,但我找不到任何东西。
Do you have any idea why it fails with Managed Identity as a method of authentication?您知道为什么使用托管身份作为身份验证方法失败吗?
1 个解决方案
解决方案1
2 已采纳 2020-11-03 07:53:05
We solved this issue by assigning "Storage Blob Data Owner" Role for the Storage account on the Azure Data Factory managed Identity.
我们通过为 Azure 数据工厂托管标识上的存储帐户分配“存储 Blob 数据所有者”角色解决了此问题。By setting the Authentication URL for MSI as "https://storage.azure.com"
通过将 MSI 的身份验证 URL 设置为“https://storage.azure.com”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.