Azure linked services with data factory custom activity
I'm unable to create a linked service using Azure Data Factory (ADF); I have read/write permission for linked services at the ADF level.
    using Microsoft.Azure.Management.ResourceManager;
    using Microsoft.Azure.Management.DataFactory;
    using Microsoft.Azure.Management.DataFactory.Models;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    LinkedServiceResource storageLinkedService = new LinkedServiceResource(
        new AzureStorageLinkedService
        {
            ConnectionString = new SecureString(
                "DefaultEndpointsProtocol=https;AccountName=" + storageAccount +
                ";AccountKey=" + storageKey)
        }
    );
    client.LinkedServices.CreateOrUpdate(resourceGroup,
        dataFactoryName, storageLinkedServiceName, storageLinkedService);
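FYI, I've used both client credentials and user credentials:

    // Attempt 1: client credentials
    ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
    // Attempt 2: user credentials
    var cc = new UserPasswordCredential(userName, password);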
    Microsoft.Azure.Management.DataFactory.Models.ErrorResponseException: Operation returned an invalid status code 'Forbidden'
       at Microsoft.Azure.Management.DataFactory.LinkedServicesOperations.<CreateOrUpdateWithHttpMessagesAsync>d__6.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---

    System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized). --->
    Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\r\nTrace ID: 2264d637-8786-4a40-96d4-5d27b0670300\r\nCorrelation ID: fec688c8-bb92-49c2-86d3-1e091181fe10\r\nTimestamp: 2017-11-29 05:30:23Z","error_codes":[70002],"timestamp":"2017-11-29 05:30:23Z","trace_id":"2264d637-8786-4a40-96d4-5d27b0670300","correlation_id":"fec688c8-bb92-49c2-86d3-1e091181fe10"}: Unknown error
    --- End of inner exception stack trace ---
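According to your exception, it seems that you are using the resource owner flow with a web client. A confidential client, such as a Web App client, cannot use direct user credentials.
You would need to invoke it as a public client (native client app), not as a confidential client (Web app / API). Please refer to this document for more information about how to use ADAL, especially the "Constraints & Limitations" section.
No web sites/confidential clients: this is not an ADAL limitation, but an AAD setting. You can only use those flows from a native client. A confidential client, such as a web site, cannot use direct user credentials.
To access resources in your subscription, you need to assign a role to the registered app.
Please try the following code to get the TokenCredentials; the following is demo code for creating the linked service. It works correctly on my side. We can also refer to this document.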
    using System.Threading.Tasks;
    using Microsoft.Azure.Management.DataFactory;
    using Microsoft.Azure.Management.DataFactory.Models;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.Rest; // TokenCredentials

    // Acquire an Azure Resource Manager token with the app's client ID and secret.
    private static async Task<string> GetToken(string tenantId, string clientId, string secretKey)
    {
        var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
        ClientCredential clientCredential = new ClientCredential(clientId, secretKey);
        var tokenResponse = await context.AcquireTokenAsync("https://management.azure.com/", clientCredential);
        var accessToken = tokenResponse.AccessToken;
        return accessToken;
    }

    var token = GetToken(_tenantId, _clientId, _secretKey).Result;
    TokenCredentials credentials = new TokenCredentials(token);
    DataFactoryManagementClient client = new DataFactoryManagementClient(credentials) { SubscriptionId = subscriptionId };

    // Create (or update) the Azure Storage linked service in the data factory.
    LinkedServiceResource storageLinkedService = new LinkedServiceResource(new AzureStorageLinkedService
    {
        ConnectionString = new SecureString("DefaultEndpointsProtocol=https;AccountName=" + storageAccount + ";AccountKey=" + storageKey)
    });
    var result = client.LinkedServices.CreateOrUpdateWithHttpMessagesAsync(resourceGroup, factoryName, storageLinkedServiceName, storageLinkedService).Result;
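
The two token flows discussed in the answers, side by side, with a helper that tells the question's two failures apart. This is an added example, not code from the original posts; the class `ArmAuthExample`, its method names and its parameters are hypothetical, and ADAL 3.x on .NET Framework is assumed.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.Azure.Management.DataFactory.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Added example; all names below are hypothetical.
static class ArmAuthExample
{
    const string Resource = "https://management.azure.com/";
    const string Authority = "https://login.windows.net/";

    // Confidential client (Web app / API registration): app ID + secret, no user.
    public static async Task<string> TokenForAppAsync(string tenantId, string appId, string secret)
    {
        var ctx = new AuthenticationContext(Authority + tenantId);
        AuthenticationResult r = await ctx.AcquireTokenAsync(
            Resource, new ClientCredential(appId, secret));
        return r.AccessToken;
    }

    // Public client (Native registration): user name + password, no client secret.
    // Using the ID of a Web app / API registration here is what yields AADSTS70002.
    public static async Task<string> TokenForUserAsync(
        string tenantId, string nativeAppId, string user, string password)
    {
        var ctx = new AuthenticationContext(Authority + tenantId);
        AuthenticationResult r = await ctx.AcquireTokenAsync(
            Resource, nativeAppId, new UserPasswordCredential(user, password));
        return r.AccessToken;
    }

    // Maps the two exceptions quoted in the question to the stage that failed.
    public static string Diagnose(Exception ex)
    {
        // Unwrap the AggregateException produced by .Result / .Wait().
        ex = (ex as AggregateException)?.GetBaseException() ?? ex;
        if (ex is AdalException adal)
            return "Token request failed at AAD (" + adal.ErrorCode +
                   "): check that the client type matches the credential flow.";
        if (ex is ErrorResponseException arm &&
            arm.Response?.StatusCode == HttpStatusCode.Forbidden)
            return "Token accepted, but the caller is not authorized for this " +
                   "operation: assign a role to the registered app, as the answer says.";
        return "Unclassified: " + ex.Message;
    }
}
```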