我正在尝试从 Azure 自动化调用 Azure REST Api,因此我需要获取身份验证 header 。我使用 ADAL,但在 Azure 自动化中它失败并显示以下内容。
所以问题是 - 如何在 Azure 自动化中使用 ADAL?
ERROR: Exception calling "AcquireToken" with "4" argument(s): "Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'." At C:\Modules\User\azureadauth\azureadauth.psm1:16 char:5 + $authResult = $authContext.AcquireToken($resourceAppIdURI, $clien ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : EntryPointNotFoundException
ERROR: You cannot call a method on a null-valued expression. At C:\Modules\User\azureadauth\azureadauth.psm1:19 char:5 + $authHeader = $authResult.CreateAuthorizationHeader() + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull
最佳答案
我也遇到了同样的问题。以下是我在调查时发现的内容以及我如何解决这个问题。我假设您正在按照互联网上流传的示例之一为 Azure Graph API 创建访问 token 。这些示例通常如下所示:
$TenantId = "YourTenantIdHere"
$authString = "https://login.microsoftonline.com/" + $TenantId
$resourceUrl = "https://graph.windows.net"
$authenticationContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authString, $false)
# Use common client
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
$redirectUrl = "urn:ietf:wg:oauth:2.0:oob"
$GraphApiAccessToken = $authenticationContext.AcquireToken($resourceUrl, $clientId, $redirectUrl, [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto).AccessToken
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $GraphApiAccessToken)
您在本地环境中运行了它,一切正常,但是当您尝试在 Azure 自动化帐户中执行它时,您收到了您发布的错误。我知道,因为这就是发生在我身上的事情。
想了解有关错误中提到的“iphlpapi.dll”文件的更多信息,我在 Azure 自动化帐户中创建了一个 Runbook,通过执行以下命令列出该文件的版本信息:
(Get-Item C:\Windows\System32\IPHLPAPI.DLL).VersionInfo | fl
这是结果:
OriginalFilename : IpHlpApi.dll
FileDescription : IP Helper API Library
ProductName : Microsoft® Windows® Operating System
Comments :
CompanyName : Microsoft Corporation
FileName : C:\Windows\System32\IPHLPAPI.DLL
FileVersion : 6.2.9200.2203 (x64fre.140823-0405)
ProductVersion : 6.2.9200.2203
IsDebug : False
IsPatched : False
IsPreRelease : False
IsPrivateBuild : False
IsSpecialBuild : False
Language : English (United States)
LegalCopyright : © Microsoft Corporation. All rights reserved.
LegalTrademarks :
PrivateBuild :
SpecialBuild :
FileVersionRaw : 6.2.9200.2203
ProductVersionRaw : 6.2.9200.2203
在我的本地环境中运行相同的命令会产生:
OriginalFilename : iphlpapi.dll.mui
FileDescription : IP Helper API
ProductName : Microsoft® Windows® Operating System
Comments :
CompanyName : Microsoft Corporation
FileName : C:\Windows\System32\IPHLPAPI.DLL
FileVersion : 10.0.15063.0 (WinBuild.160101.0800)
ProductVersion : 10.0.15063.0
IsDebug : False
IsPatched : False
IsPreRelease : False
IsPrivateBuild : False
IsSpecialBuild : False
Language : English (United States)
LegalCopyright : © Microsoft Corporation. All rights reserved.
LegalTrademarks :
PrivateBuild :
SpecialBuild :
FileVersionRaw : 10.0.15063.0
ProductVersionRaw : 10.0.15063.0
因此,Azure 自动化帐户中的文件版本显然较旧,并且似乎与 AzureRm.Profile 模块不兼容。
我能够通过找到另一种使用自动化连接证书创建访问 token 的方法来解决这个问题,这种方法似乎不依赖于“iphlpapi.dll”
$servicePrincipalConnection = Get-AutomationConnection -Name 'YourAzureAutomationConnectionNameHere'
$tenantId = 'YourTenantIdHere'
$certificate = Get-AutomationCertificate -Name 'YourAutomationConnectionCertificateNameHere'
$authorizationUrl = "https://login.microsoftonline.com/$tenantId"
$resourceUrl = "https://graph.windows.net"
$authenticationContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authorizationUrl, $false)
$assertionCert = new-object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($servicePrincipalConnection.ApplicationId, $certificate)
$accessToken = $authenticationContext.AcquireToken($resourceUrl, $assertionCert).AccessToken
关于powershell - ADAL 和 Azure 自动化,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36680829/