我有几个API,并且正在利用Azure Active Directory将访问Azure SQL数据库的方式从简单的凭据更改为托管服务身份模型。
对于较旧的.Net API,我这样做没有问题,但是我无法让较新的.NetCore API做到同样的事情。我已经读过.NetCore尚不支持此功能的可能性,但是我不清楚这是否准确。
我运行以下代码:
SqlConnection conn = new SqlConnection(_ConnectionString);
conn.AccessToken = (new AzureServiceTokenProvider()).GetAccessTokenAsync("https://database.windows.net/").Result;
并收到此错误:
AzureServiceTokenProviderException: Parameters: Connectionstring: [No connection string specified], Resource: https://database.windows.net/, Authority: . Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
Parameters: Connectionstring: [No connection string specified], Resource: https://database.windows.net/, Authority: . Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.
Parameters: Connectionstring: [No connection string specified], Resource: https://database.windows.net/, Authority: . Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "C:\Users\simonb\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connectionstring: [No connection string specified], Resource: https://database.windows.net/, Authority: . Exception Message: Tried to get token using Azure CLI. Access token could not be acquired.
我不希望它通过MSI起作用,因为我在本地运行它,但它应该通过方法2起作用
*更新 找到此相关文章:https://github.com/Azure/azure-sdk-for-net/issues/3933
答案 0 :(得分:1)
我已经读过.NetCore尚不支持此功能的可能性,但是我不清楚这是否正确/正确。
简而言之, .Net Core 2.1不支持。
.NET Framework 4.6及更高版本当前支持此方案,但.NET Core 2.1尚未。 .NET Core 2.2确实支持该方案,但尚未包含在App Service的默认图像中。
有关更多详细信息,您可以参考此article。