azure - Cannot access Azure Resource Manager through the Fluent .NET API using a service principal

Tags: azure f# azure-active-directory

I can log in successfully with the service principal via PowerShell and list resource groups with Find-AzureRmResourceGroup, so this is not a permissions problem.

It seems I can authenticate successfully with the .NET Fluent API, but when I try to list the resource groups I get

Authentication error while acquiring token: 'get_user_name_failed: Failed to get user name'

Failed to get user name ---> System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done

My F# source code:

```fsharp
open Microsoft.Azure.Management.ResourceManager.Fluent
open Microsoft.Azure.Management.Fluent

//https://learn.microsoft.com/en-us/dotnet/azure/dotnet-sdk-azure-authenticate?view=azure-dotnet#mgmt-auth
let ClientId = "<Service Principal Application ID>"
let ServicePrincipalPassword = "<Service Principal Password>"
let AzureTenantId = "<tenant id goes here>"
let AzureSubscriptionId = "<subscriptionID>"

let azureCredentials =
    let userLoginInformation = Authentication.UserLoginInformation()
    userLoginInformation.ClientId <- ClientId
    userLoginInformation.Password <- ServicePrincipalPassword
    Authentication.AzureCredentials(userLoginInformation, AzureTenantId, AzureEnvironment.AzureGlobalCloud)

let azure = Azure.Configure().Authenticate(azureCredentials).WithSubscription(AzureSubscriptionId)

//fails on execution of this line
let resourceGroups = azure.ResourceGroups.List() |> Seq.cast<IResourceGroup>
```

Full error and stack trace:

```text
Microsoft.Rest.Azure.Authentication.AuthenticationException: Authentication error while acquiring token: 'get_user_name_failed: Failed to get user name'. ---> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: get_user_name_failed: Failed to get user name ---> System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformSpecificHelper.GetUserPrincipalName()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenNonInteractiveHandler.<PreRunAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<RunAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Rest.Azure.Authentication.UserTokenProvider.<LoginSilentAsync>d__24.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.Rest.Azure.Authentication.UserTokenProvider.<LoginSilentAsync>d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.Authentication.AzureCredentials.<ProcessHttpRequestAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsOperations.<ListWithHttpMessagesAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsOperationsExtensions.<ListAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsOperationsExtensions.List(IResourceGroupsOperations operations, ODataQuery`1 odataQuery)
   at Microsoft.Azure.Management.ResourceManager.Fluent.ResourceGroupsImpl.List()
   at <StartupCode$FSI_0005>.$FSI_0005.main@() in E:\GitRepos\AzureSandbox\src\AzureSandbox\Scripts\Script1.fsx:line 20
```

Best answer

OK, I see. You are using Authentication.UserLoginInformation() when you need Authentication.ServicePrincipalInformation().

I replaced the let azureCredentials = line with this and it works fine.

```fsharp
let azureCredentials =
    let servicePrincipalInformation = Authentication.ServicePrincipalLoginInformation()
    servicePrincipalInformation.ClientId <- ClientId
    servicePrincipalInformation.ClientSecret <- ServicePrincipalPassword
    Authentication.AzureCredentials(servicePrincipalInformation, AzureTenantId, AzureEnvironment.AzureGlobalCloud)
```

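As an added example (not code from the question or the answer), the same service-principal login written with the Fluent SDK's SdkContext.AzureCredentialsFactory.FromServicePrincipal helper, with the secret read from environment variables instead of being hard-coded in the script; the environment variable names are this example's own choice, not an SDK convention.

```fsharp
open System
open Microsoft.Azure.Management.Fluent
open Microsoft.Azure.Management.ResourceManager.Fluent
open Microsoft.Azure.Management.ResourceManager.Fluent.Core

// Read a required setting from the environment so the client secret never
// ends up in source control. Fail early and loudly if it is missing.
let requireEnv (name: string) =
    match Environment.GetEnvironmentVariable name with
    | null | "" -> failwithf "Environment variable %s is not set" name
    | value -> value

// Variable names below are an assumption of this example.
let clientId       = requireEnv "AZURE_CLIENT_ID"
let clientSecret   = requireEnv "AZURE_CLIENT_SECRET"
let tenantId       = requireEnv "AZURE_TENANT_ID"
let subscriptionId = requireEnv "AZURE_SUBSCRIPTION_ID"

// Client-credentials (service principal) flow: no interactive user is involved,
// so ADAL never has to resolve the current Windows account's UPN, which is the
// lookup that failed in the question's stack trace.
let credentials =
    SdkContext.AzureCredentialsFactory.FromServicePrincipal(
        clientId, clientSecret, tenantId, AzureEnvironment.AzureGlobalCloud)

let azure =
    Azure.Configure()
         .Authenticate(credentials)
         .WithSubscription(subscriptionId)

// A token is only requested on the first ARM call, so this is where a wrong
// credential type, an expired secret or a missing role assignment surfaces.
let listResourceGroupNames () =
    azure.ResourceGroups.List()
    |> Seq.map (fun (rg: IResourceGroup) -> rg.Name)
    |> Seq.toList

listResourceGroupNames () |> List.iter (printfn "%s")
```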
Regarding azure - Cannot access Azure Resource Manager through the Fluent .NET API using a service principal, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45597887/
