gpt4 book ai didi

azure - 如何使用 Azure.Identity.ClientSecretCredential 访问 Azure 队列?

转载 作者:行者123 更新时间:2023-12-02 23:06:19 31 4
gpt4 key购买 nike

我已在 Azure 中创建了应用程序注册并添加了对 Azure 存储的访问权限 (user_impersonation): enter image description here

控制台应用程序使用这些包:

<PackageReference Include="Azure.Identity" Version="1.2.0-preview.6" />
<PackageReference Include="Azure.Storage.Queues" Version="12.4.0-preview.5" />

代码如下:

var tc = new ClientSecretCredential("{tenant-id}", "{client-id}", "{client-secret}");
var client = new QueueClient(new Uri("https://{storage-name}.queue.core.windows.net/example-q"), tc);

// this fails with error
client.SendMessage("msg");

错误信息如下:

Unhandled exception. Azure.RequestFailedException: This request is not authorized to perform this operation using this permission.
RequestId:13f45216-9003-0061-49cf-616632000000
Time:2020-07-24T15:32:44.9586872Z
Status: 403 (This request is not authorized to perform this operation using this permission.)
ErrorCode: AuthorizationPermissionMismatch

Headers:
Server: Windows-Azure-Queue/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id: 13f45216-9003-0061-49cf-616632000000
x-ms-version: 2018-11-09
x-ms-error-code: AuthorizationPermissionMismatch
Date: Fri, 24 Jul 2020 15:32:44 GMT
Content-Length: 279
Content-Type: application/xml

at Azure.Storage.Queues.QueueRestClient.Messages.EnqueueAsync_CreateResponse(ClientDiagnostics clientDiagnostics, Response response)
at Azure.Storage.Queues.QueueRestClient.Messages.EnqueueAsync(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, Uri resourceUri, QueueSendMessage message, String version, Nullable`1 visibilitytimeout, Nullable`1 messageTimeToLive, Nullable`1 timeout, String requestId, Boolean async, String operationName, CancellationToken cancellationToken)
at Azure.Storage.Queues.QueueClient.SendMessageInternal(String messageText, Nullable`1 visibilityTimeout, Nullable`1 timeToLive, Boolean async, CancellationToken cancellationToken)
at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](Task`1 task)
at Azure.Storage.Queues.QueueClient.SendMessage(String messageText, Nullable`1 visibilityTimeout, Nullable`1 timeToLive, CancellationToken cancellationToken)
at Azure.Storage.Queues.QueueClient.SendMessage(String messageText)

最佳答案

如果要使用服务主体访问 Azure 队列存储,则必须将 Azure RABC 角色(存储队列数据贡献者)分配给 sp。更多详情请引用document

例如

  1. 创建服务主体并分配角色
az login

az ad sp create-for-rbac -n "MyApp" --role 'Storage Queue Data Contributor' \
--scope '/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>'
  • 代码(我使用相同版本的sdk)
  • ClientSecretCredential cred = new ClientSecretCredential(tenantId, clientId, clientSecret);
    var client = new QueueClient(new Uri("https://blobstorage0516.queue.core.windows.net/test"), cred);
    string message = "First Message to azure Queue";
    client.SendMessage(message);

    enter image description here

    关于azure - 如何使用 Azure.Identity.ClientSecretCredential 访问 Azure 队列?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63076867/

    31 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com