asp.net-mvc - 本地集群上托管的 Service Fabric 托管 Asp.net WebApi 容器应用程序 : 403 - Forbidden : Access is denied.

Question

我正在尝试对 Asp.net MVC 应用程序进行提升和转换。我已经包含了我的 Asp.Net WebApi 应用程序并将其部署到 AzureContainerRegistry，并且我正在服务结构应用程序中引用该容器。我的 ServiceManifest 看起来像这样

<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="BookingApiServicePkg"
                 Version="1.0.0"
                 xmlns="http://schemas.microsoft.com/2011/01/fabric"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ServiceTypes>
    <StatelessServiceType ServiceTypeName="BookingApiServiceType" UseImplicitHost="true" />
  </ServiceTypes>


  <CodePackage Name="Code" Version="1.0.0">
    <EntryPoint>
      <ContainerHost>
        <ImageName>bookingacr.azurecr.io/bookingapi</ImageName>
      </ContainerHost>
    </EntryPoint>
  </CodePackage>

  <ConfigPackage Name="Config" Version="1.0.0" />    
  <Resources>
    <Endpoints>
      <Endpoint Name="BookingApiServiceTypeEndpoint"   Port="62651"  UriScheme="http" Protocol="http"/>
    </Endpoints>
  </Resources>
</ServiceManifest>

应用程序 list 如下所示

<ApplicationManifest ApplicationTypeName="BookingApiType"
                     ApplicationTypeVersion="1.0.0"
                     xmlns="http://schemas.microsoft.com/2011/01/fabric"
                     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Parameters>
    <Parameter Name="BookingApiService_InstanceCount" DefaultValue="-1" />
  </Parameters>     
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="BookingApiServicePkg" ServiceManifestVersion="1.0.0" />
    <ConfigOverrides />
    <Policies>
      <ContainerHostPolicies CodePackageRef="Code" ContainersRetentionCount="2"  RunInteractive="true">
        <HealthConfig IncludeDockerHealthStatusInSystemHealthReport="true" RestartContainerOnUnhealthyDockerHealthStatus="false" />
        <PortBinding ContainerPort="80" EndpointRef="BookingApiServiceTypeEndpoint" />
      </ContainerHostPolicies>
    </Policies>
  </ServiceManifestImport>
  <DefaultServices>   
    <Service Name="BookingApiService" ServicePackageActivationMode="ExclusiveProcess">
      <StatelessService ServiceTypeName="BookingApiServiceType"  InstanceCount="[BookingApiService_InstanceCount]">
        <SingletonPartition />
      </StatelessService>
    </Service>
  </DefaultServices>
</ApplicationManifest>

生成的 URL 是 MachineName:PortNumber(http://desktopm423:62651on 我的本地系统)，但访问它时它会显示

403 - Forbidden: Access is denied.

当部署到 ServiceFabric 实例时，我得到 IP 地址和消息

Service Not found

Answer 1

看起来您的证书服务结构证书有问题，您必须将所有证书添加到计算机本地 Cert/root 和所有当前用户证书中

只要您不配置任何 Andmin 客户端证书，您对 Explorer (:19080/Explorer) 的所有请求都会以 403 结束。

您可以在门户中添加管理客户端证书的指纹:

以下是相同的 ARM 设置:-

{
  "type": "Microsoft.ServiceFabric/clusters",
  ...
  "properties": {
    ...
    "ClientCertificateThumbprints": [
      {
        "CertificateThumbprint": "THUMBPRINT_HERE",
        "IsAdmin": true
      }
    ],
  ...
  }
}