使用适用于.Net ResourceManagementClient的Azure SDK进行身份验证

时间:2018-08-10 17:58:12

标签: c# azure azure-active-directory azure-functions

我有一个Azure Functions应用程序,该应用程序需要检索一个秘密以使用.Net的Azure SDK进行身份验证。

[FunctionName("FunctionName")]
    public static async Task<HttpResponseMessage> Run(
        [HttpTrigger(AuthorizationLevel.Function, "POST")] HttpRequestMessage req,
        TraceWriter log
        )
    {
        string vaultName, secretName, clientId, clientSecret = string.Empty;
        IEnumerable<object> items = null;
        try
        {
            var context = await req.Content.ReadAsAsync<Context>();
            clientId = ConfigurationManager.AppSettings["clientId"].ToString();
            vaultName = ConfigurationManager.AppSettings["vaultName"].ToString();
            secretName = ConfigurationManager.AppSettings["secretName"].ToString();
            AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider();
            try
            {
                var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));
                var secret = await keyVaultClient.GetSecretAsync(string.Format("https://{0}.vault.azure.net/secrets/{1}", vaultName, secretName));
                clientSecret = secret.Value;
            }
            catch
            {
                throw new Exception("Can't get secret.");
            }

            ServiceClientCredentials serviceCredentials = await ApplicationTokenProvider.LoginSilentAsync(context.cloudTenantId, context.cloudSubscriptionId, clientSecret);
            using (ResourceManagementClient client = new ResourceManagementClient(serviceCredentials))
            {
                items = OtherFunction(client);
            }
        }
        catch (Exception ex)
        {
            log.Error(ex.Message, ex);
            return req.CreateResponse(HttpStatusCode.InternalServerError, ex);
        }

        return req.CreateResponse(HttpStatusCode.OK, items);
    }

此函数执行时,它将返回带有以下堆栈跟踪的System.IO.FileNotFoundException 

   at Microsoft.Rest.Azure.Authentication.ApplicationTokenProvider.<LoginSilentAsync>d__12.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.Start[TStateMachine](TStateMachine& stateMachine)
   at Microsoft.Rest.Azure.Authentication.ApplicationTokenProvider.LoginSilentAsync(String domain, String clientId, String secret)
   at HcfApi.Src.PRIP1.<DesiredStateConfigCheck>d__0.MoveNext()

和消息

Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.28.3.860, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

我怀疑这是Microsoft.IdentityModel.Clients.ActiveDirectoryApplicationTokenProvider (>=2.28.3)中使用的AzureServiceTokenProvider (>= 3.14.2)版本之间的冲突。

有没有办法解决这些依赖关系?

更新: 我对遇到的异常有更详细的输出:

{
"ClassName": "System.IO.FileNotFoundException",
"Message": "Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.28.3.860, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.",
"Data": null,
"InnerException": null,
"HelpURL": null,
"StackTraceString": "   at Microsoft.Rest.Azure.Authentication.ApplicationTokenProvider.<LoginSilentAsync>d__12.MoveNext()\r\n   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.Start[TStateMachine](TStateMachine& stateMachine)\r\n   at Microsoft.Rest.Azure.Authentication.ApplicationTokenProvider.LoginSilentAsync(String domain, String clientId, String secret)\r\n   at HcfApi.Src.PRDS1.<StorageEncryptionCheck>d__1.MoveNext()",
"RemoteStackTraceString": null,
"RemoteStackIndex": 0,
"ExceptionMethod": "8\nMoveNext\nMicrosoft.Rest.ClientRuntime.Azure.Authentication, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35\nMicrosoft.Rest.Azure.Authentication.ApplicationTokenProvider+<LoginSilentAsync>d__12\nVoid MoveNext()",
"HResult": -2147024894,
"Source": "Microsoft.Rest.ClientRuntime.Azure.Authentication",
"WatsonBuckets": null,
"FileNotFound_FileName": "Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.28.3.860, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
"FileNotFound_FusionLog": "=== Pre-bind state information ===\r\nLOG: DisplayName = Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.28.3.860, Culture=neutral, PublicKeyToken=31bf3856ad364e35\n (Fully-specified)\r\nLOG: Appbase = file:///D:/Program Files (x86)/SiteExtensions/Functions/1.0.11959/\r\nLOG: Initial PrivatePath = D:\\Program Files (x86)\\SiteExtensions\\Functions\\1.0.11959\\bin\r\nCalling assembly : Microsoft.Rest.ClientRuntime.Azure.Authentication, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35.\r\n===\r\nLOG: This bind starts in LoadFrom load context.\r\nWRN: Native image will not be probed in LoadFrom context. Native image will only be probed in default load context, like with Assembly.Load().\r\nLOG: Using application configuration file: D:\\Program Files (x86)\\SiteExtensions\\Functions\\1.0.11959\\web.config\r\nLOG: Using host configuration file: D:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Aspnet.config\r\nLOG: Using machine configuration file from D:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config.\r\nLOG: Post-policy reference: Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.28.3.860, Culture=neutral, PublicKeyToken=31bf3856ad364e35\r\nLOG: Attempting download of new URL file:///D:/local/Temporary ASP.NET Files/root/fbd8a7cb/68424d13/Microsoft.IdentityModel.Clients.ActiveDirectory.DLL.\r\nLOG: Attempting download of new URL file:///D:/local/Temporary ASP.NET Files/root/fbd8a7cb/68424d13/Microsoft.IdentityModel.Clients.ActiveDirectory/Microsoft.IdentityModel.Clients.ActiveDirectory.DLL.\r\nLOG: Attempting download of new URL file:///D:/Program Files (x86)/SiteExtensions/Functions/1.0.11959/bin/Microsoft.IdentityModel.Clients.ActiveDirectory.DLL.\r\nLOG: Attempting download of new URL file:///D:/Program Files (x86)/SiteExtensions/Functions/1.0.11959/bin/Microsoft.IdentityModel.Clients.ActiveDirectory/Microsoft.IdentityModel.Clients.ActiveDirectory.DLL.\r\nLOG: Attempting download of new URL file:///D:/local/Temporary ASP.NET Files/root/fbd8a7cb/68424d13/Microsoft.IdentityModel.Clients.ActiveDirectory.EXE.\r\nLOG: Attempting download of new URL file:///D:/local/Temporary ASP.NET Files/root/fbd8a7cb/68424d13/Microsoft.IdentityModel.Clients.ActiveDirectory/Microsoft.IdentityModel.Clients.ActiveDirectory.EXE.\r\nLOG: Attempting download of new URL file:///D:/Program Files (x86)/SiteExtensions/Functions/1.0.11959/bin/Microsoft.IdentityModel.Clients.ActiveDirectory.EXE.\r\nLOG: Attempting download of new URL file:///D:/Program Files (x86)/SiteExtensions/Functions/1.0.11959/bin/Microsoft.IdentityModel.Clients.ActiveDirectory/Microsoft.IdentityModel.Clients.ActiveDirectory.EXE.\r\nLOG: Attempting download of new URL file:///D:/home/site/wwwroot/bin/Microsoft.IdentityModel.Clients.ActiveDirectory.DLL.\r\nWRN: Comparing the assembly name resulted in the mismatch: Major Version\r\nLOG: Attempting download of new URL file:///D:/home/site/wwwroot/bin/Microsoft.IdentityModel.Clients.ActiveDirectory/Microsoft.IdentityModel.Clients.ActiveDirectory.DLL.\r\nLOG: Attempting download of new URL file:///D:/home/site/wwwroot/bin/Microsoft.IdentityModel.Clients.ActiveDirectory.EXE.\r\nLOG: Attempting download of new URL file:///D:/home/site/wwwroot/bin/Microsoft.IdentityModel.Clients.ActiveDirectory/Microsoft.IdentityModel.Clients.ActiveDirectory.EXE.\r\n"}

项目信息: 我正在使用Azure Functions Framework V1,并且目标是.Net 4.6.1

更新2: 这是.csroj文件,其中包含程序集版本和项目配置。

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net461</TargetFramework>
    <AzureFunctionsVersion>v1</AzureFunctionsVersion>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.0" />
    <PackageReference Include="Microsoft.Azure.Management.Compute.Fluent" Version="1.14.0" />
    <PackageReference Include="Microsoft.Azure.Management.Redis.Fluent" Version="1.14.0" />
    <PackageReference Include="Microsoft.Azure.Management.ResourceManager.Fluent" Version="1.14.0" />
    <PackageReference Include="Microsoft.Azure.Management.Sql.Fluent" Version="1.14.0" />
    <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.0.3" />
    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="1.0.14" />
    <PackageReference Include="System.Configuration.ConfigurationManager" Version="4.5.0" />
  </ItemGroup>
  <ItemGroup>
    <Reference Include="Microsoft.CSharp" />
  </ItemGroup>
  <ItemGroup>
    <None Update="host.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
    </None>
    <None Update="local.settings.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
      <CopyToPublishDirectory>Never</CopyToPublishDirectory>
    </None>
  </ItemGroup>
</Project>

1 个答案:

答案 0 :(得分:1)

我首先要承认我使这个问题复杂化了。无需检索秘密,因为我可以使用通过MSI令牌实例化的anArg对象进行身份验证。

为进一步说明,TokenCredentials是由ServiceClientCredentials实现的抽象类。因此,可以使用TokenCredentials类型实例化Azure SDK管理客户端。

相关问题
最新问题