Accessing Azure Storage Account Blobs via MSAL/OAuth


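I have to access and upload files to Azure Storage blobs via MSAL. So I followed the Microsoft sample and configured it. I even added the app registration's service principal to the storage account's IAM with the roles "Storage Blob Data Owner" and "Storage Blob Delegator". When accessing the blob, I get the following exception: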

An unhandled exception occurred while processing the request.
RequestFailedException: This request is not authorized to perform this operation using this permission.
RequestId:c0de0782-701e-005b-69cd-a2c6ac000000
Time:2020-10-15T08:27:43.7229905Z
Status: 403 (This request is not authorized to perform this operation using this permission.)
ErrorCode: **AuthorizationPermissionMismatch**

Headers:
Server: Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id: c0de0782-701e-005b-69cd-a2c6ac000000
x-ms-client-request-id: a18e57f6-b22e-48c8-990b-320529a4ef13
x-ms-version: 2019-12-12
x-ms-error-code: AuthorizationPermissionMismatch
Date: Thu, 15 Oct 2020 08:27:43 GMT
Content-Length: 279
Content-Type: application/xml

Azure.Storage.Blobs.BlobRestClient+BlockBlob.UploadAsync_CreateResponse(ClientDiagnostics clientDiagnostics, Response response)

        Azure.Storage.Blobs.BlobRestClient+BlockBlob.UploadAsync_CreateResponse(ClientDiagnostics clientDiagnostics, Response response)
        Azure.Storage.Blobs.BlobRestClient+BlockBlob.UploadAsync(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, Uri resourceUri, Stream body, long contentLength, string version, Nullable<int> timeout, byte[] transactionalContentHash, string blobContentType, string blobContentEncoding, string blobContentLanguage, byte[] blobContentHash, string blobCacheControl, IDictionary<string, string> metadata, string leaseId, string blobContentDisposition, string encryptionKey, string encryptionKeySha256, Nullable<EncryptionAlgorithmType> encryptionAlgorithm, string encryptionScope, Nullable<AccessTier> tier, Nullable<DateTimeOffset> ifModifiedSince, Nullable<DateTimeOffset> ifUnmodifiedSince, Nullable<ETag> ifMatch, Nullable<ETag> ifNoneMatch, string ifTags, string requestId, string blobTagsString, bool async, string operationName, CancellationToken cancellationToken)
        System.Threading.Tasks.ValueTask<TResult>.get_Result()
        System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable<TResult>+ConfiguredValueTaskAwaiter.GetResult()
        Azure.Storage.Blobs.Specialized.BlockBlobClient.UploadInternal(Stream content, BlobHttpHeaders blobHttpHeaders, IDictionary<string, string> metadata, IDictionary<string, string> tags, BlobRequestConditions conditions, Nullable<AccessTier> accessTier, IProgress<long> progressHandler, string operationName, bool async, CancellationToken cancellationToken)
        Azure.Storage.Blobs.Specialized.BlockBlobClient+<>c__DisplayClass48_0+<<GetPartitionedUploaderBehaviors>b__0>d.MoveNext()
        Azure.Storage.PartitionedUploader<TServiceSpecificArgs, TCompleteUploadReturn>.UploadInternal(Stream content, TServiceSpecificArgs args, IProgress<long> progressHandler, bool async, CancellationToken cancellationToken)
        Azure.Storage.Blobs.BlobClient.StagedUploadInternal(Stream content, BlobUploadOptions options, bool async, CancellationToken cancellationToken)
        Azure.Storage.Blobs.BlobClient.UploadAsync(Stream content)
        WebApp_OpenIDConnect_DotNet.Controllers.HomeController.CreateBlob(TokenAcquisitionTokenCredential tokenCredential) in HomeController.cs

                    await blobClient.UploadAsync(stream);

WebApp_OpenIDConnect_DotNet.Controllers.HomeController.Blob() in HomeController.cs

                string message = await CreateBlob(new TokenAcquisitionTokenCredential(_tokenAcquisition));

Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor+TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, object controller, object[] arguments)
System.Threading.Tasks.ValueTask<TResult>.get_Result()
System.Runtime.CompilerServices.ValueTaskAwaiter<TResult>.GetResult()
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|19_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
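Please make sure you have granted the "Storage Blob Data Owner" role to the user account you are using. When I granted this role only to the SP, I got the same error; after granting this role to the signed-in user account, everything worked.

Result:

In my container: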

Please let us know whether you have added the permission Azure Storage/user_impersonation. See this

That's the solution! Thank you very much! I didn't even need to add permissions for the service principal in the storage account's IAM.
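To check which principal a storage access token actually represents, and therefore which object needs the data-plane role, the sketch below decodes the token's claims and classifies it as delegated or app-only. It is an added example, not code from the thread or from Microsoft's sample. The tokens and GUIDs are constructed placeholders, and the claim names (`aud`, `oid`, `scp`, `appid`/`azp`, `idtyp`, `roles`) are the standard Microsoft identity platform access-token claims.

```python
import base64
import json

def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def rbac_principal(claims: dict) -> dict:
    """Report which directory object Azure RBAC evaluates for this token."""
    scopes = claims.get("scp", "").split()
    kind = "unknown"
    if scopes:
        kind = "delegated (user)"  # acquired on behalf of a signed-in user
    elif claims.get("idtyp") == "app" or "roles" in claims:
        kind = "app-only (service principal)"
    aud = str(claims.get("aud", "")).rstrip("/")
    return {
        "kind": kind,
        "assign_role_to_object_id": claims.get("oid"),
        "client_app": claims.get("appid") or claims.get("azp"),
        "audience_is_storage": aud == "https://storage.azure.com",
    }

def make_sample_jwt(claims: dict) -> str:
    """Build an unsigned, constructed token for this demo (Azure would reject it)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.sig"

# Constructed claims; every GUID is a placeholder, not a value from the page.
USER_TOKEN = make_sample_jwt({
    "aud": "https://storage.azure.com",
    "oid": "11111111-1111-1111-1111-111111111111",    # signed-in user
    "appid": "22222222-2222-2222-2222-222222222222",  # web app client ID
    "scp": "user_impersonation",
})
APP_TOKEN = make_sample_jwt({
    "aud": "https://storage.azure.com",
    "oid": "33333333-3333-3333-3333-333333333333",    # service principal
    "appid": "22222222-2222-2222-2222-222222222222",
    "idtyp": "app",
})

if __name__ == "__main__":
    for label, token in (("user", USER_TOKEN), ("app", APP_TOKEN)):
        print(label, rbac_principal(decode_claims(token)))
```

In a token obtained through the `user_impersonation` scope, `oid` is the signed-in user's object ID, so a role assignment that exists only on the service principal is not the one the storage service evaluates.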