Cannot access Azure Resource Manager through the Fluent .NET API with a Service Principal

Date: 2017-08-09 18:13:11

Tags: azure f# azure-active-directory

I can log in as the Service Principal through PowerShell and list resource groups with Find-AzureRmResourceGroup, so this is not a permissions problem.

It looks like I can authenticate the user with the .NET Fluent API, but when I try to list resource groups I get

Authentication error while acquiring token: 'get_user_name_failed: Failed to get user name'

Failed to get user name ---> System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done

My F# source:

```fsharp
open Microsoft.Azure.Management.ResourceManager.Fluent
open Microsoft.Azure.Management.Fluent

//https://docs.microsoft.com/en-us/dotnet/azure/dotnet-sdk-azure-authenticate?view=azure-dotnet#mgmt-auth
let ClientId = "<Service Principal Application ID>"
let ServicePrincipalPassword = "<Service Principal Password>"
let AzureTenantId = "<tenant id goes here>"
let AzureSubscriptionId = "<subscriptionID>"

let azureCredentials =
    // Service principal ID and password placed in a *user* login object
    let userLoginInformation = Authentication.UserLoginInformation()
    userLoginInformation.ClientId <- ClientId
    userLoginInformation.Password <- ServicePrincipalPassword
    Authentication.AzureCredentials(userLoginInformation, AzureTenantId, AzureEnvironment.AzureGlobalCloud)

// Authenticate lazily: no token is requested until the first ARM call
let azure = Azure.Configure().Authenticate(azureCredentials).WithSubscription(AzureSubscriptionId)

//fails on execution of this line
let resourceGroups = azure.ResourceGroups.List() |> Seq.cast<IResourceGroup>
```

Full error and stack trace

```
Microsoft.Rest.Azure.Authentication.AuthenticationException: Authentication error while acquiring token: 'get_user_name_failed: Failed to get user name'. ---> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: get_user_name_failed: Failed to get user name ---> System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformSpecificHelper.GetUserPrincipalName()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenNonInteractiveHandler.<PreRunAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<RunAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Rest.Azure.Authentication.UserTokenProvider.<LoginSilentAsync>d__24.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.Rest.Azure.Authentication.UserTokenProvider.<LoginSilentAsync>d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.Authentication.AzureCredentials.<ProcessHttpRequestAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsOperations.<ListWithHttpMessagesAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsOperationsExtensions.<ListAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsOperationsExtensions.List(IResourceGroupsOperations operations, ODataQuery`1 odataQuery)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsImpl.List()
   at <StartupCode$FSI_0005>.$FSI_0005.main@() in E:\GitRepos\AzureSandbox\src\AzureSandbox\Scripts\Script1.fsx:line 20
```

1 answer:

Answer 0 (score: 1)

OK, I figured it out. You want Authentication.ServicePrincipalInformation() where you have Authentication.UserLoginInformation().

I replaced the let azureCredentials = line with this and it works fine.

```fsharp
let azureCredentials =
  // Service principal login object: ClientId + ClientSecret, no user account involved
  let servicePrincipalInformation = Authentication.ServicePrincipalLoginInformation()
  servicePrincipalInformation.ClientId <- ClientId
  servicePrincipalInformation.ClientSecret <- ServicePrincipalPassword
  Authentication.AzureCredentials(servicePrincipalInformation, AzureTenantId, AzureEnvironment.AzureGlobalCloud)
```
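An added example (not the question's or the answer's code) that builds on the fix: the same service-principal login done through the SDK's SdkContext.AzureCredentialsFactory, with the client secret read from environment variables instead of a string literal in the source, and the token-acquisition failure caught separately so a wrong credential type or an expired secret is reported as an authentication problem rather than a resource-group problem. The environment variable names are my assumption, not an SDK convention.

```fsharp
open System
open Microsoft.Azure.Management.Fluent
open Microsoft.Azure.Management.ResourceManager.Fluent
open Microsoft.Azure.Management.ResourceManager.Fluent.Authentication

// Assumed variable names (not defined by the SDK): AZURE_CLIENT_ID, AZURE_CLIENT_SECRET,
// AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID. Keeps the secret out of source control.
let private requireEnv (name: string) =
    match Environment.GetEnvironmentVariable name with
    | null | "" -> failwithf "environment variable %s is not set" name
    | value -> value

/// Credentials for a service principal via the SDK factory, which always uses
/// ServicePrincipalLoginInformation (client-credentials grant). UserLoginInformation
/// instead goes through UserTokenProvider.LoginSilentAsync, which looks up the logged-on
/// Windows user's UPN: that is the get_user_name_failed in the question's trace.
let servicePrincipalCredentials () : AzureCredentials =
    SdkContext.AzureCredentialsFactory.FromServicePrincipal(
        requireEnv "AZURE_CLIENT_ID",
        requireEnv "AZURE_CLIENT_SECRET",
        requireEnv "AZURE_TENANT_ID",
        AzureEnvironment.AzureGlobalCloud)

/// Lists (name, region) for every resource group the principal can read.
let listResourceGroups (credentials: AzureCredentials) (subscriptionId: string) =
    let azure =
        Azure.Configure()
             .Authenticate(credentials)
             .WithSubscription(subscriptionId)
    // The first ARM call is where the token is actually requested
    azure.ResourceGroups.List()
    |> Seq.map (fun rg -> rg.Name, rg.RegionName)
    |> Seq.toList

[<EntryPoint>]
let main _ =
    try
        listResourceGroups (servicePrincipalCredentials ()) (requireEnv "AZURE_SUBSCRIPTION_ID")
        |> List.iter (fun (name, region) -> printfn "%s (%s)" name region)
        0
    with
    | :? Microsoft.Rest.Azure.Authentication.AuthenticationException as ex ->
        // Token acquisition failed: wrong credential type, wrong tenant, expired secret
        eprintfn "authentication failed: %s" ex.Message
        1
```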