
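I have (manually) created a topic named "testtopic" at the root level. I am trying to programmatically obtain an SWT from the ACS management service and then use that SWT to send a message to the "testtopic" topic. To retrieve the SWT, I use the following code: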

    // Namespaces used: System.Net, System.Collections.Specialized,
    // System.Text, System.Linq, System.Web
    var client = new WebClient();
    client.BaseAddress = "https://connectedcloudapps.accesscontrol.windows.net";

    var values = new NameValueCollection
    {
        {"wrap_name", "publisher"},
        {"wrap_password", "password"},
        {"wrap_scope", "https://connectedcloudapps.servicebus.windows.net/testtopic/"}
    };

    // WebClient takes care of the URL encoding
    byte[] responseBytes = client.UploadValues("WRAPv0.9", "POST", values);

    // The response is form-encoded; pull out the wrap_access_token field
    string response = Encoding.UTF8.GetString(responseBytes);
    var token = HttpUtility.UrlDecode(response
        .Split('&')
        .Single(value => value.StartsWith("wrap_access_token=", StringComparison.OrdinalIgnoreCase))
        .Split('=')[1]);

The above works fine, as I get an SWT back. So far so good... I think.

Below is the configuration for the service identity, rules, etc.:

    Service identity
    Name: publisher
    Type: Password
    Effective Date: 4/5/2013
    Expiration Date: 4/5/2014

    Rule group:
    Name: publisherrule
    Used by the following relying party applications: publisher rp
    Rules (net.windows.servicebus.action):
    IF
    Input claim issuer: Access Control Service
    Input claim type: nameidentifier
    Input claim value: publisher
    THEN
    Output claim type: net.windows.servicebus.action
    Output claim value: Send

    Relying Party Applications
    Name: publisher rp
    realm: https://connectedcloudapps.servicebus.windows.net/testtopic
    Return URL: <empty>
    Error URL: <empty>
    Token format: SWT
    Token lifetime (secs): 600
    Authentication Settings
    Identity providers:
    <No Identity providers selected>

    Rule groups:
    Select the rule groups to use for this relying party application when processing claims.
    'pubishrule' is selected via checkbox
    Token Signing Keys:
    Service Namespace Symmetric Key

With everything configured, I use the following, which I have changed many times, but I cannot get it to send to the topic:

    // token is what was retrieved in the code above
    var tokenProvider = TokenProvider.CreateSimpleWebTokenProvider(token);
    var factory = MessagingFactory.Create(ServiceBusEnvironment.CreateServiceUri("sb", "connectedcloudapps", string.Empty), tokenProvider);
    var sender = factory.CreateTopicClient("testtopic");
    var msg = new BrokeredMessage("Yahoooooooo");
    try
    {
        sender.Send(msg);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex); // surfaces the exception raised by Send
    }

The error I receive is:

{System.UnauthorizedAccessException:令牌提供程序在访问“ https://connectedcloudapps-sb.accesscontrol.windows.net/WRAPv0.9/ ”时无法提供安全令牌。令牌提供程序返回消息:'错误:代码:401:子代码:T2002:详细信息:受众无效。:TraceID:bcd601fc-ac1b-4c23-bd85-67d8aeda83df:TimeStamp:2013-04-07 17:13:58Z'。---> System.IdentityModel.Tokens.SecurityTokenException:令牌提供者在访问“ https://connectedcloudapps-sb.accesscontrol.windows.net/WRAPv0.9/ ”时无法提供安全令牌'。令牌提供程序返回消息:'错误:代码:401:子代码:T2002:详细信息:受众无效。:TraceID:bcd601fc-ac1b-4c23-bd85-67d8aeda83df:TimeStamp:2013-04-07 17:13:58Z'。---> System.Net.WebException:远程服务器返回错误:(401)未经授权。在 System.Net.HttpWebRequest.GetResponse() 在 Microsoft.ServiceBus.TokenProviderHelper.GetAccessTokenCore(Uri requestUri, String applyTo, String requestToken, String simpleAuthAssertionFormat, TimeSpan timeout, String& expiresIn) --- 内部异常堆栈跟踪结束--- 在Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri,WebException 异常)在 Microsoft.ServiceBus.TokenProviderHelper.GetAccessTokenCore(Uri requestUri,字符串 applyTo,字符串 requestToken,字符串 simpleAuthAssertionFormat,1 entityType, String transferDestinationEntityName) at Microsoft.ServiceBus.Messaging.Sbmp.CreateSenderLinkSettings..ctor(SbmpMessagingFactory messagingFactory, String entityName, Nullable1 entityType)在 Microsoft.ServiceBus.Messaging.Sbmp.SbmpTopicClient.OnBeginCreateSender(时间跨度超时,AsyncCallback 回调,对象状态)在 Microsoft.ServiceBus.Messaging.TopicClient.<>c__DisplayClass2.b__0(AsyncCallback c,Object s)在 Microsoft.ServiceBus .Messaging.OpenOnceManager.OpenOnceManagerAsyncResult 1.BeginOperation() at Microsoft.ServiceBus.Messaging.OpenOnceManager.OpenOnceManagerAsyncResult1.OpenComplete(IAsyncResult result) at Microsoft.ServiceBus.Common.AsyncResult.SyncContinue(IAsyncResult result) at Microsoft.ServiceBus.Messaging.OpenOnceManager.OpenOnceManagerAsyncResult 1..ctor(OpenOnceManager openOnceManager, TimeSpan openTimeout, AsyncCallback callback, Object state, Func3 beginOperation, EndOperation 1 endOperation) at 
Microsoft.ServiceBus.Messaging.OpenOnceManager.Begin[T](AsyncCallback callback, Object state, Func3 beginOperation, Func`2 endOperation)
在 Microsoft.ServiceBus.Messaging.TopicClient.ThrowIfSenderNull(String operationName) 在 Microsoft.ServiceBus.Messaging.TopicClient.EnsureCreateInternalSender() 在 Microsoft.ServiceBus.Messaging.TopicClient.BeginCreateSender(TimeSpan timeout, AsyncCallback callback, Object state) .Messaging.TopicClient.Send(BrokeredMessage message) at Console.Program.PostToTopic(Uri uri, String token) in c:\Poc City\AirConCloud\Console\Program.cs:line 56}

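At the end of the day, I will have many, many service identities, each of which needs access to this topic, or has different access rights.

  1. Is the above approach correct, and am I just missing a minor plumbing detail?
  2. Will this not work, and does it need to be redesigned?

If it is 1, what is the problem? If it is 2, what should be done?

Thanks in advance.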
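Added example, not part of the original post: when a token is rejected with T2002 (audience invalid), decoding the SWT shows which `Issuer` and `Audience` it actually carries, so they can be compared with the ACS namespace and realm the receiving service expects. `SwtInspector`, the demo key, the `example-ns` namespace and the sample token are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SwtInspector // hypothetical helper, not part of Microsoft.ServiceBus
{
    const string SigMarker = "&HMACSHA256=";
    static string Decode(string s) => Uri.UnescapeDataString(s.Replace("+", "%20"));

    // An SWT is a form-encoded list of claims; the HMACSHA256 pair comes last.
    public static Dictionary<string, string> Parse(string swt) =>
        swt.Split('&').Select(p => p.Split(new[] { '=' }, 2))
           .ToDictionary(kv => Decode(kv[0]), kv => kv.Length > 1 ? Decode(kv[1]) : "");

    // Recomputes the HMAC over everything before "&HMACSHA256=" and compares.
    public static bool SignatureValid(string swt, byte[] key)
    {
        int i = swt.LastIndexOf(SigMarker, StringComparison.Ordinal);
        if (i < 0) return false;
        byte[] claimed;
        try { claimed = Convert.FromBase64String(Decode(swt.Substring(i + SigMarker.Length))); }
        catch (FormatException) { return false; }
        using (var h = new HMACSHA256(key))
        {
            byte[] actual = h.ComputeHash(Encoding.ASCII.GetBytes(swt.Substring(0, i)));
            int diff = actual.Length ^ claimed.Length; // compare without early exit
            for (int n = 0; n < actual.Length && n < claimed.Length; n++) diff |= actual[n] ^ claimed[n];
            return diff == 0;
        }
    }

    static void Main()
    {
        // Constructed sample: key, namespace and token are made up for this demo.
        byte[] key = Encoding.ASCII.GetBytes("constructed-demo-key");
        string body = "net.windows.servicebus.action=Send"
            + "&Issuer=" + Uri.EscapeDataString("https://example-ns.accesscontrol.windows.net/")
            + "&Audience=" + Uri.EscapeDataString("https://example-ns.servicebus.windows.net/testtopic")
            + "&ExpiresOn=1365355438";
        string swt = body + SigMarker + Uri.EscapeDataString(Convert.ToBase64String(
            new HMACSHA256(key).ComputeHash(Encoding.ASCII.GetBytes(body))));
        var claims = Parse(swt);
        string expected = "http://example-ns.servicebus.windows.net/testtopic"; // realm the receiver expects
        bool match = claims["Audience"] == expected; // exact string comparison
        Console.WriteLine("Issuer:   " + claims["Issuer"]);
        Console.WriteLine("Audience: " + claims["Audience"] + (match ? " (match)" : " (MISMATCH)"));
        Console.WriteLine("Expires:  " + DateTimeOffset.FromUnixTimeSeconds(long.Parse(claims["ExpiresOn"])));
        Console.WriteLine("Signature valid: " + SignatureValid(swt, key));
    }
}
```

The constructed token differs from the expected realm only in its URI scheme, which is enough for an exact comparison to fail. Treat any real SWT as a bearer credential and keep it out of logs and tickets.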
