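I am trying to get the Azure Let's Encrypt site extension working for one of my Azure websites by following these instructions:
But I get an authorization error when I run it. I don't know where to start trying to resolve this; any help would be welcome.
The error is as follows: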
Microsoft.Rest.Azure.CloudException: The client '{id}' with object id '{id id here ??}' does not have authorization to perform action 'Microsoft.Web/sites/read' over scope '/subscriptions/{subscription id}/resourceGroups/Default-Web-NorthEurope/providers/Microsoft.Web/sites/{sitename}'. at Microsoft.Azure.Management.WebSites.SitesOperations.d__29.MoveNext()
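This is a problem with the principal's access to the web app.
I decided to go through the Troy Hunt walkthrough here: https://www.troyhunt.com/everything-you-need-to-know-about-loading-a-free-lets-encrypt-certificate-into-an-azure-website/
It is very good - he uses the old Azure portal to set up Active Directory, which I found more useful because I can actually see what is going on.
Anyway, I have got through the whole process up to the actual certificate request, and now I get a 403 server error: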
The remote server returned an error: (403) Forbidden.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote server returned an error: (403) Forbidden.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebException: The remote server returned an error: (403) Forbidden.]
System.Net.HttpWebRequest.GetResponse() +1390
ACMESharp.AcmeClient.RequestHttpPost(Uri uri, Object message) +642
[AcmeWebException: Unexpected error]
ACMESharp.AcmeClient.AuthorizeIdentifier(String dnsIdentifier) +435
LetsEncrypt.SiteExtension.Core.CertificateManager.Authorize(Target target) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:518
LetsEncrypt.SiteExtension.Core.CertificateManager.Auto(Target binding) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:441
LetsEncrypt.SiteExtension.Core.CertificateManager.RequestAndInstallInternal(Target target) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:244
LetsEncrypt.SiteExtension.Controllers.HomeController.Install(RequestAndInstallModel model) +604
lambda_method(Closure , ControllerBase , Object[] ) +104
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +169
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22
System.Web.Mvc.Async.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +50
System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +225
System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +26
System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +100
System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36
System.Web.Mvc.Controller.<BeginExecute>b__15(IAsyncResult asyncResult, Controller controller) +12
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +22
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9644037
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
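Answer 0: (score: 9)
After adding the principal, you need to add it as a "User" on the "Resource Group" and give it "Contributor" rights.
If you forget this, you will get the error message above.
Restart the site before trying to run the Let's Encrypt extension again.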
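Answer 1: (score: 4)
For me, this problem occurred when my ResourceGroup was different from my ServicePlanResourceGroup.
So if these are not equal, you need to add the App registration you created (the clientId you created the key for) to the ServicePlanResourceGroup in addition to the ResourceGroup.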
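Added example (not part of any answer on this page and not the site extension's code): a Python check over role assignments exported with `az role assignment list --all --assignee <appId> -o json`, reporting which of the two scopes from answers 0 and 1 (the site's resource group and the service plan's resource group) still lacks a covering assignment. The subscription id, principal id, `plans-rg`, `example-site` and `example-plan` are constructed placeholders, and treating Contributor or Owner as sufficient is an assumption.

```python
import json

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder

# Constructed sample, shaped like `az role assignment list --all --assignee <appId> -o json`.
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Contributor",
   "scope": "%(sub)s/resourceGroups/Default-Web-NorthEurope"},
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Reader",
   "scope": "%(sub)s/resourceGroups/plans-rg"}
]
""" % {"sub": SUB})

# Scopes the extension touches: the site (ResourceGroup) and its plan (ServicePlanResourceGroup).
SITE = SUB + "/resourceGroups/Default-Web-NorthEurope/providers/Microsoft.Web/sites/example-site"
PLAN = SUB + "/resourceGroups/plans-rg/providers/Microsoft.Web/serverfarms/example-plan"

SUFFICIENT_ROLES = {"owner", "contributor"}  # assumption: roles accepted as enough


def covers(assignment_scope, resource_scope):
    """An assignment applies to its own scope and everything beneath it.
    Resource IDs are compared case-insensitively; the trailing '/' stops
    '.../resourceGroups/rg' from matching '.../resourceGroups/rg2'.
    Management-group scopes are not resolved to subscriptions here."""
    a = assignment_scope.rstrip("/").lower()
    r = resource_scope.rstrip("/").lower()
    return r == a or r.startswith(a + "/")


def missing_scopes(assignments, required):
    """Return the required scopes that no sufficient role assignment covers."""
    return [scope for scope in required
            if not any(x["roleDefinitionName"].lower() in SUFFICIENT_ROLES
                       and covers(x["scope"], scope) for x in assignments)]


def overbroad(assignments):
    """Least-privilege check: write roles granted above resource-group level."""
    return [x for x in assignments
            if x["roleDefinitionName"].lower() in SUFFICIENT_ROLES
            and "/resourcegroups/" not in x["scope"].lower()]


if __name__ == "__main__":
    for s in missing_scopes(SAMPLE_ASSIGNMENTS, [SITE, PLAN]):
        print("no Contributor/Owner assignment covers:", s)
```

On the sample data the site scope is covered but the plan scope is not, which is the situation answer 1 describes.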
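Answer 2: (score: 1)
I had the same problem with a new Azure App Service. It turned out I had to actually deploy a web app before running the Let's Encrypt wizard. The wizard cannot do its job when the content is the default Azure App Service landing page of an empty site.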
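Answer 3: (score: 1)
I ran into exactly the same exception and resolved it by following these steps
This immediately resolved the insufficient access rights exception
Update: when following the steps (5. Register Service Principal), make sure you are logged in to the correct subscription. In my case, I had created the service principal in the wrong subscription, so the principal was not correctly assigned to the App Service in use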
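Answer 4: (score: 0)
This is an access problem. Please check the section 5. Register Service Principal of the article you mentioned. When you completed that section, did you use the same ApplicationId as on the LetsEncrypt page? The same secret? Check this, because that step looks a bit off.
P.S. I have just gone through this walkthrough and did not get the error you mentioned.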
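Answer 5: (score: 0)
I had the same problem.
I solved it by not specifying the custom domain (e.g. lybecker.com) in the Azure Let's Encrypt site extension configuration, but using the full lybecker.onmicrosoft.com instead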