Xamarin.forms 为什么我在使用DocumentClient时会遇到未经授权的异常,该客户端的权限是从我的Azure功能应用程序返回的?
受马特·苏库普在上节课的启发,我正试图做到这一点 我有一个Xamarin表单应用程序,它使用AD B2C对用户进行身份验证。然后,该应用程序从Azure功能请求该用户对Cosmos DB的权限列表。然后将返回的权限传递给DocumentClient构造函数 但是,当我尝试将文档保存到Cosmos DB中时,我会收到一个Xamarin.forms 为什么我在使用DocumentClient时会遇到未经授权的异常,该客户端的权限是从我的Azure功能应用程序返回的?,xamarin.forms,azure-functions,azure-cosmosdb,Xamarin.forms,Azure Functions,Azure Cosmosdb,受马特·苏库普在上节课的启发,我正试图做到这一点 我有一个Xamarin表单应用程序,它使用AD B2C对用户进行身份验证。然后,该应用程序从Azure功能请求该用户对Cosmos DB的权限列表。然后将返回的权限传递给DocumentClient构造函数 但是,当我尝试将文档保存到Cosmos DB中时,我会收到一个Microsoft.Azure.Documents.UnauthorizedException,并显示消息“客户端对于请求的资源没有任何有效的令牌” 以下是Azure函数中的相关代
Microsoft.Azure.Documents.UnauthorizedExceptionpublic static class CommDiaryBroker
{
[FunctionName("CommDiaryBroker")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
[CosmosDB(databaseName:"commdiarydb",collectionName:"roster",ConnectionStringSetting="CommDiaryCosmosConnectionString")] DocumentClient client,
ClaimsPrincipal claims,
ILogger log)
{
log.LogInformation("Requesting permissions for the commdiarydb database.");
if(claims == null)
{
return new NotFoundResult();
}
var azpClaim = claims.Claims.SingleOrDefault(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
var userId = azpClaim?.Value;
log.LogInformation($"User Id: {userId}");
if(string.IsNullOrEmpty(userId))
{
log.LogInformation("Returning not found result");
return new NotFoundResult();
}
var dbName = "commdiarydb";
var collectionname = "roster";
List<Permission> tokens = await GetPartitionPermission(userId, client, dbName, collectionname, log);
log.LogInformation($"Returning {tokens.Count} permissions");
return new OkObjectResult(tokens);
}
static async Task<List<Permission>> GetPartitionPermission(string userId, DocumentClient client, string databaseId, string collectionId, ILogger log)
{
var permissionId = userId;
Permission partitionPermission;
Uri permissionUri = UriFactory.CreatePermissionUri(databaseId, userId, permissionId);
Uri collectionUri = UriFactory.CreateDocumentCollectionUri(databaseId, collectionId);
Uri userUri = UriFactory.CreateUserUri(databaseId, userId);
try
{
partitionPermission = await client.ReadPermissionAsync(permissionUri);
log.LogInformation($"Existing roster partition permission found: {partitionPermission.Id}");
}
catch(DocumentClientException ex)
{
if(ex.StatusCode == System.Net.HttpStatusCode.NotFound)
{
log.LogInformation($"There wasn't an existing permission, so we create a user if one does not exist");
await CreateUserIfNotExistAsync(userId, client, databaseId, log);
Permission newPermission = new Permission
{
PermissionMode = PermissionMode.All,
Id = permissionId,
ResourceLink = collectionUri.ToString(),
ResourcePartitionKey = new PartitionKey(userId)
};
partitionPermission = await client.CreatePermissionAsync(userUri, newPermission);
}
else
{
log.LogInformation($"Something went wrong attempting to read a permission: {ex.Message}");
}
}
FeedResponse<Permission> permFeed = await client.ReadPermissionFeedAsync(userUri);
return permFeed.ToList();
}
static async Task CreateUserIfNotExistAsync(string userId, DocumentClient client, string databaseId, ILogger log)
{
try
{
await client.ReadUserAsync(UriFactory.CreateUserUri(databaseId, userId));
log.LogInformation("Found existing user");
}
catch(DocumentClientException ex)
{
if(ex.StatusCode == System.Net.HttpStatusCode.NotFound)
{
await client.CreateUserAsync(UriFactory.CreateDatabaseUri(databaseId), new User {Id = userId});
log.LogInformation("Attempted to create a user");
}
}
}
权限resourcePartitionKeyresourcePartitionKeyPermissionPermissionSummarypublic class PermissionSummary
{
public string Id { get; set; }
public string Token { get; set; }
public string UserId { get; set; }
}
GetPartitionPermission()任务
在方法的末尾,我从用户的权限提要编译了一个PermissionSummary
实例列表:
List<PermissionSummary> results = new List<PermissionSummary>();
FeedResponse<Permission> permFeed = await client.ReadPermissionFeedAsync(userUri);
foreach(var permission in permFeed.ToList())
{
results.Add(new PermissionSummary
{
Id = permission.Id,
Token = permission.Token,
UserId = userId
});
}
return results;
列表结果=新列表();
FeedResponse permFeed=wait client.ReadPermissionFeedAsync(userUri);
foreach(permFeed.ToList()中的var权限)
{
结果。添加(新权限摘要)
{
Id=permission.Id,
令牌=权限。令牌,
UserId=UserId
});
}
返回结果;
使用my Azure函数和Xamarin.Forms客户机项目中定义的PermissionSummary
类,这些对象现在可以正确序列化和反序列化
但是,我不能将这些PermissionSummary
实例直接传递给DocumentClient
构造函数;它需要权限
对象列表或访问令牌
因此,我修改了我的InitialiseAsync()
方法,采用一个名为permissionId
的string
参数
此方法现在检索所有PermissionSummary
实例,并根据传递给它的permissionId
选择正确的实例。然后,它将访问令牌从该PermissionSummary
传递到DocumentClient
构造函数
这意味着,在尝试访问Cosmos DB的任何方法中,例如我的UpdateRosterEntry()
方法,我现在需要为该权限构造权限id,该权限是允许登录用户访问该方法将操作的容器所必需的。这是可能的,因为我正在以标准方式构造权限ID
所以,一个似乎有效的解决办法。如果有人对能够序列化和反序列化权限
对象有任何想法,并因此为我最初的问题提供答案,我仍然很乐意听到他们
List<PermissionSummary> results = new List<PermissionSummary>();
FeedResponse<Permission> permFeed = await client.ReadPermissionFeedAsync(userUri);
foreach(var permission in permFeed.ToList())
{
results.Add(new PermissionSummary
{
Id = permission.Id,
Token = permission.Token,
UserId = userId
});
}
return results;