How do I access an Azure queue using Azure.Identity.ClientSecretCredential?


I have created an app registration in Azure and added access to Azure Storage (user_impersonation):

The console application uses the following packages:


The code looks like this:

var tc = new ClientSecretCredential("{tenant id}", "{client id}", "{client secret}");
var client = new QueueClient(new Uri("https://{storage name}.queue.core.windows.net/example-q"), tc);
// this throws
client.SendMessage("msg");
The error message looks like this:

Unhandled exception. Azure.RequestFailedException: This request is not authorized to perform this operation using this permission.
RequestId:13f45216-9003-0061-49cf-616632000000
Time:2020-07-24T15:32:44.9586872Z
Status: 403 (This request is not authorized to perform this operation using this permission.)
ErrorCode: AuthorizationPermissionMismatch

Headers:
Server: Windows-Azure-Queue/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id: 13f45216-9003-0061-49cf-616632000000
x-ms-version: 2018-11-09
x-ms-error-code: AuthorizationPermissionMismatch
Date: Fri, 24 Jul 2020 15:32:44 GMT
Content-Length: 279
Content-Type: application/xml

   at Azure.Storage.Queues.QueueRestClient.Messages.EnqueueAsync_CreateResponse(ClientDiagnostics clientDiagnostics, Response response)
   at Azure.Storage.Queues.QueueRestClient.Messages.EnqueueAsync(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, Uri resourceUri, QueueSendMessage message, String version, Nullable`1 visibilitytimeout, Nullable`1 messageTimeToLive, Nullable`1 timeout, String requestId, Boolean async, String operationName, CancellationToken cancellationToken)
   at Azure.Storage.Queues.QueueClient.SendMessageInternal(String messageText, Nullable`1 visibilityTimeout, Nullable`1 timeToLive, Boolean async, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](Task`1 task)
   at Azure.Storage.Queues.QueueClient.SendMessage(String messageText, Nullable`1 visibilityTimeout, Nullable`1 timeToLive, CancellationToken cancellationToken)
   at Azure.Storage.Queues.QueueClient.SendMessage(String messageText)

If you want to use a service principal to access Azure Queue Storage, you must assign the Azure RBAC role (Storage Queue Data Contributor) to the SP. For more details, please refer to

For example

  • Create the service principal and assign the role
    az login
    az ad sp create-for-rbac -n "MyApp" --role "Storage Queue Data Contributor" \
    --scopes "/subscriptions//resourceGroups//providers/Microsoft.Storage/storageAccounts/"
    
  • Code (I use the same version of the SDK)
    ClientSecretCredential cred = new ClientSecretCredential(tenantId, clientId, clientSecret);
    var client = new QueueClient(new Uri("https://blobstorage0516.queue.core.windows.net/test"), cred);
    string message = "the first message sent to azure queue";
    client.SendMessage(message);
    
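As an added example (not the asker's or the answerer's code), here is the same call sequence with the two failure modes separated: the app first requests a token for the Azure Storage scope, so that a wrong tenant, client id or secret surfaces as AuthenticationFailedException, and the 403 AuthorizationPermissionMismatch from the question is then recognised as a missing data-plane role assignment rather than a generic exception. The environment variable names, the Outcome enum and the SendWithDiagnostics helper are this example's own; the packages are the ones the question already uses (Azure.Identity and Azure.Storage.Queues from NuGet).

```csharp
// Added example, not code from the question or the answer. Assumes the NuGet packages
// Azure.Identity and Azure.Storage.Queues. Environment variable names below are this
// example's own choice; the values in angle brackets are placeholders.
using System;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Queues;

public static class QueueAccessCheck
{
    // Token scope for the Azure Storage data plane (shared by blob, queue, table and file).
    public const string StorageScope = "https://storage.azure.com/.default";

    public enum Outcome
    {
        Sent,                   // message enqueued
        TokenAcquisitionFailed, // wrong tenant/client/secret: the app never obtains a token
        MissingDataPlaneRole,   // token is fine, but no Storage Queue Data role at this scope (403)
        OtherFailure
    }

    // Distinguishes authentication (can the app get a token at all?) from authorization
    // (does the service principal hold a data-plane RBAC role on the queue?). The stack
    // trace in the question only shows the second step failing.
    public static Outcome SendWithDiagnostics(TokenCredential credential, Uri queueUri,
                                              string message, out string detail)
    {
        // Step 1: authenticate. A bad secret or tenant fails here, before any queue call.
        try
        {
            AccessToken token = credential.GetToken(new TokenRequestContext(new[] { StorageScope }), default);
            detail = $"token acquired, expires {token.ExpiresOn:u}";
        }
        catch (AuthenticationFailedException ex)
        {
            detail = "token request failed: " + ex.Message;
            return Outcome.TokenAcquisitionFailed;
        }

        // Step 2: authorize. The app registration's "user_impersonation" API permission on
        // Azure Storage is a delegated permission and plays no part in the client-credential
        // flow; the queue service checks Azure RBAC role assignments on the service principal.
        var client = new QueueClient(queueUri, credential);
        try
        {
            client.SendMessage(message);
            detail += "; message sent";
            return Outcome.Sent;
        }
        catch (RequestFailedException ex) when (ex.Status == 403 && ex.ErrorCode == "AuthorizationPermissionMismatch")
        {
            detail += $"; 403 {ex.ErrorCode}: assign 'Storage Queue Data Contributor' (or the narrower " +
                      "'Storage Queue Data Message Sender') to the app's service principal at the storage " +
                      "account or queue scope, then retry once the assignment has propagated";
            return Outcome.MissingDataPlaneRole;
        }
        catch (RequestFailedException ex)
        {
            detail += $"; {ex.Status} {ex.ErrorCode}: {ex.Message}";
            return Outcome.OtherFailure;
        }
    }

    public static void Main()
    {
        // Placeholders: set these environment variables before running.
        string tenantId     = Environment.GetEnvironmentVariable("AZURE_TENANT_ID")     ?? "<tenant id>";
        string clientId     = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID")     ?? "<client id>";
        string clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET") ?? "<client secret>";
        string account      = Environment.GetEnvironmentVariable("STORAGE_ACCOUNT")     ?? "<storage name>";
        string queue        = Environment.GetEnvironmentVariable("QUEUE_NAME")          ?? "example-q";

        var cred = new ClientSecretCredential(tenantId, clientId, clientSecret);
        var queueUri = new Uri($"https://{account}.queue.core.windows.net/{queue}");

        Outcome result = SendWithDiagnostics(cred, queueUri, "hello from the service principal", out string detail);
        Console.WriteLine($"{result}: {detail}");
    }
}
```

Running this against an app registration that has only the user_impersonation API permission reproduces the question's situation: the token step succeeds and the send step returns MissingDataPlaneRole. After the role assignment from the answer (Storage Queue Data Contributor, or Storage Queue Data Message Sender if the app only ever enqueues) the same code returns Sent; assigning the narrowest role that covers the operation keeps the service principal's reach limited if its secret is ever exposed.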

This works great. However, I also want to support another scenario: an app registration that acts as a client and holds permissions for this QueueApi. I cannot get that to work; is this supported?

@stefheynrath Could you describe your problem in more detail? Did you register an Azure AD application and then want to use that application to access the Azure queue?

See (hopefully the description is correct)

@stefheynrath Please assign the Azure RBAC role (Storage Queue Data Contributor) directly to the client application (QueueClient); then you can use ClientSecretCredential to call the Azure Queue REST API. For details, see