无法使用Azure中的服务原则获取经典Web角色

Question

以下代码适用于身份验证的工作方式。但是当我尝试使用Service Principle作为身份验证时，身份验证失败。

工作脚本：

var context = new AuthenticationContext(azureAdUrl + azureADTenant);
var credential = new UserPasswordCredential(azureUsername, azurePassword);
var authParam = new PlatformParameters(PromptBehavior.RefreshSession, null);
var tokenInfo = context.AcquireTokenAsync("https://management.core.windows.net/", azureADClientId, credential);

TokenCloudCredentials tokencreds = new TokenCloudCredentials(subscriptionId, tokenInfo.Result.AccessToken);

ComputeManagementClient computeClient = new ComputeManagementClient(tokencreds);
string deploymentName = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Name;
string label = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Label;

不工作：

  

AuthenticationFailed：JWT令牌不包含预期的受众   uri＆＃39; https://management.core.windows.net/＆＃39;。

ClientCredential cc = new ClientCredential(applicationClientID, accessKey);
var context = new AuthenticationContext("https://login.windows.net/" + AzureTenantId);
var tokenInfo = context.AcquireTokenAsync("https://management.azure.com/", cc);

tokenInfo.Wait();

if (tokenInfo == null)
{
    throw new InvalidOperationException("Failed to obtain the JWT token");
}

TokenCloudCredentials tokencreds = new TokenCloudCredentials(subscriptionId, tokenInfo.Result.AccessToken);

ComputeManagementClient computeClient = new ComputeManagementClient(tokencreds);
string deploymentName = computeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production).Name;

Answer 1

我不认为可以使用Service Principal访问经典Azure资源。

经典Azure资源通过Service Management API进行管理，该Service Principal没有rm(list=ls()) library(tidyverse) library(maptools) library(raster) library(plotrix) # collection data set load + post codes lo la - 2016 df2016 <- read.csv('C:/Users/thomas/desktop/coll2016WORKINGFILE.csv') colnames(df2016) <- c('name','value','amount') df2016$amount <- NULL df2016$name <- as.character(df2016$name) # OPTIONAL: Depending on your data, you may need to rescale it for the color ramp to work df2016$value <- rescale(df2016$value, newrange = c(0, 1)) # Download a shapefile of postal codes into your working directory download.file( "http://www.opendoorlogistics.com/wp-content/uploads/Data/UK-postcode-boundaries-Jan-2015.zip", "postal_shapefile" ) # Unzip the shapefile unzip("postal_shapefile") # Read the shapefile postal <- readShapeSpatial("./Distribution/Areas") postal.df <- fortify(postal, region = "name") # Join your data to the shapefile postal <- raster::merge(postal, df2016, by = "name") postal$value[is.na(postal$value)] <- 0.50 # Get centroids of spatialPolygonDataFrame and convert to dataframe # for use in plotting area names. postal.centroids.df <- data.frame(long = coordinates(postal)[, 1], lat = coordinates(postal)[, 2], id=postal$name, ratio = postal$value) plot(postal, col = gray(postal$value)) title("UK Success Rate") legend("right",NULL,legend = postal$value,col = gray(postal$value)) 的概念。它仅在为管理员或协同管理员获取令牌时才支持令牌。

您需要使用实际用户的用户名/密码才能使用Service Management API。

Answer 2

根据您的代码，我在我身边进行了测试，可能会遇到与您提供的问题相同的问题。而Gaurav Mantri提供了合理的答案。 AFAIK，对于经典Azure服务（ASM），您可以参考Authenticate using a management certificate并上传management API certificate。

这是我的代码段，您可以参考它：

CertificateCloudCredentials credential = new CertificateCloudCredentials("<subscriptionId>",GetStoreCertificate("<thumbprint>"));
ComputeManagementClient computeClient = new ComputeManagementClient(credential);
string deploymentName = computeClient.Deployments.GetBySlot("<serviceName>", DeploymentSlot.Production).Name;

<强>结果：