How to access Service Bus from a VMSS in Azure using MSI

Time: 2019-06-12 14:47:27

Tags: c# azure azureservicebus azure-managed-identity

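My console application is running on a VM in an Azure scale set, but it cannot connect to Azure Service Bus using the VMSS managed service identity.

When it tries to obtain an access token via TokenProvider.CreateManagedServiceIdentityTokenProvider(), an exception is thrown.

  1. Identity (system assigned) has been enabled on the virtual machine scale set (VMSS).
  2. The VMSS identity has been assigned the Azure Service Bus Data Owner role on the Service Bus namespace.

Are there any steps or requirements that I am missing?

Sample code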

var sbEndpoint = "sb://mysbnamespace.servicebus.windows.net/";
var sbQueueName = "myqueue";
var tokenProvider = TokenProvider.CreateManagedServiceIdentityTokenProvider();
var sendClient = new QueueClient( sbEndpoint, sbQueueName, tokenProvider );

await sendClient.SendAsync( new Message( Encoding.UTF8.GetBytes( "abc 123" )));

Exception

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried the following 4 methods to get an access token, but none of them worked.

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "C:\Users\makr\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json"

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. ERROR: Please run 'az login' to setup account.

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: https://login.microsoftonline.com/common. 
Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. get_user_name_failed: Failed to get user name

Inner Exception : No mapping between account names and security IDs was done

   at Microsoft.Azure.ServiceBus.Core.MessageSender.<OnSendAsync>d__52.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\Core\MessageSender.cs:line 567
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.ServiceBus.RetryPolicy.<RunOperation>d__19.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\RetryPolicy.cs:line 82
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.ServiceBus.RetryPolicy.<RunOperation>d__19.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\RetryPolicy.cs:line 107
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.ServiceBus.Core.MessageSender.<SendAsync>d__39.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\Core\MessageSender.cs:line 266
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at AzureServiceBusManagedSystemIdentity.Program.<TestSbMsi>d__10.MoveNext()
======================================================

package.config (with the NuGet packages that make MSI authentication work)

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Microsoft.Azure.Amqp" version="2.4.2" targetFramework="net472" />
  <package id="Microsoft.Azure.ServiceBus" version="3.4.0" targetFramework="net472" />
  <package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.3" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="4.5.1" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.JsonWebTokens" version="5.4.0" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Logging" version="5.4.0" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Tokens" version="5.4.0" targetFramework="net472" />
  <package id="Newtonsoft.Json" version="12.0.2" targetFramework="net472" />
  <package id="System.Diagnostics.DiagnosticSource" version="4.5.1" targetFramework="net472" />
  <package id="System.IdentityModel.Tokens.Jwt" version="5.4.0" targetFramework="net472" />
  <package id="System.IO" version="4.3.0" targetFramework="net472" />
  <package id="System.Net.WebSockets" version="4.3.0" targetFramework="net472" />
  <package id="System.Net.WebSockets.Client" version="4.3.2" targetFramework="net472" />
  <package id="System.Runtime" version="4.3.1" targetFramework="net472" />
  <package id="System.Runtime.Serialization.Primitives" version="4.3.0" targetFramework="net472" />
  <package id="System.Security.Cryptography.Algorithms" version="4.3.1" targetFramework="net472" />
  <package id="System.Security.Cryptography.Encoding" version="4.3.0" targetFramework="net472" />
  <package id="System.Security.Cryptography.Primitives" version="4.3.0" targetFramework="net472" />
  <package id="System.Security.Cryptography.X509Certificates" version="4.3.2" targetFramework="net472" />
</packages>

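2 answers:

Answer 0 (score: 1)

Based on the exception message, it looks like managed identity is not enabled on the VMSS. How did you verify that it is enabled?

Could you also specify which Service Bus NuGet package you are using, and which version?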
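
One way to check from the VMSS instance itself whether the managed identity is usable, independent of the Service Bus and AppAuthentication packages (an added example, not part of the original question or answers). It requests a token for the resource named in the exception from the Azure Instance Metadata Service (IMDS) and prints the token's claims; the class name MsiProbe is hypothetical, and Newtonsoft.Json is assumed to be referenced as in the package list above.

```csharp
// Added example: MsiProbe is a hypothetical name, not code from the original post.
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

static class MsiProbe
{
    // IMDS token endpoint; only reachable from inside an Azure VM or VMSS instance.
    const string ImdsTokenUrl =
        "http://169.254.169.254/metadata/identity/oauth2/token" +
        "?api-version=2018-02-01&resource=https%3A%2F%2Fservicebus.azure.net%2F";

    // Decode the JWT payload (no signature check) to inspect audience and object id.
    static JObject DecodeJwtPayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    static async Task<int> Main()   // async Main needs C# 7.1 or later
    {
        var handler = new HttpClientHandler { UseProxy = false }; // IMDS must not go through a proxy
        using (var http = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(5) })
        {
            var request = new HttpRequestMessage(HttpMethod.Get, ImdsTokenUrl);
            request.Headers.Add("Metadata", "true"); // IMDS rejects requests without this header
            try
            {
                var response = await http.SendAsync(request);
                var body = await response.Content.ReadAsStringAsync();
                if (!response.IsSuccessStatusCode)
                {   // Reachable but token refused, for example no identity assigned to this instance.
                    Console.Error.WriteLine($"IMDS returned {(int)response.StatusCode}: {body}");
                    return 2;
                }
                var claims = DecodeJwtPayload((string)JObject.Parse(body)["access_token"]);
                // Print selected claims only; never log the token itself.
                Console.WriteLine($"aud={claims["aud"]} oid={claims["oid"]} exp={claims["exp"]}");
                return 0;
            }
            catch (Exception ex) when (ex is HttpRequestException || ex is TaskCanceledException)
            {   // Unreachable: not running on Azure, or 169.254.169.254 is blocked.
                Console.Error.WriteLine($"Cannot reach IMDS: {ex.Message}");
                return 1;
            }
        }
    }
}
```

Exit code 0 with the expected `aud` means the identity is enabled and issuing tokens, so a failure in the application then points at the client libraries rather than the VMSS configuration.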

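Answer 1 (score: 0)

Updating the NuGet packages to the latest versions that are compatible with each other resolves this issue; see the package list in the OP.

Thanks to @Varun for leading me to an obvious solution.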