.net - Azure 服务总线操作使用 ACS 引发 TimeoutException 而不是 UnauthorizedAccessException

Question

我正在使用访问控制服务来授权访问特定服务标识的特定服务总线订阅。

当接收来自订阅的会话或消息时，服务标识被授权并且可以根据需要接收和完成或放弃消息。

UnauthorizedAccessException但是，在尝试访问服务标识无权访问的订阅时，我没有看到，在尝试执行规则组未针对该服务标识和依赖发出声明的操作时，我也没有看到此异常聚会（例如发送消息或创建主题）。

相反，我最终看到了一个TimeoutException - "The timeout elapsed upon attempting to obtain a token while accessing 'https://namespace-sb.accesscontrol.windows.net/WRAPv0.9/'". 内部异常是一个SecurityTokenException - "The token provider was unable to provide a security token while accessing 'https://namespace-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider returned message: 'The operation has timed out'". 这会导致 RetryPolicy 出现问题，因为超时异常被认为是暂时的。

但奇怪的是，我UnauthorizedAccessException在尝试接收订阅说明时收到了一条消息。根据服务总线操作所需的权利，应该可以在 ...myTopic/Subscriptions/mySubscription 范围内使用 Listen Claim 的服务身份使用的东西。

我有以下设置：

• 服务标识：testidentity
• 规则组：
  • 服务总线的默认规则组
    • 3 条规则，输入声明：所有者，输出声明：管理、发送、侦听
  • http://namespace.servicebus.windows.net/myTopic的规则组
    • 没有规则
  • http://namespace.servicebus.windows.net/myTopic/Subscriptions的规则组
    • 没有规则
  • http://namespace.servicebus.windows.net/myTopic/Subscriptions/mySubscription的规则组
    • 一条规则：输入声明：testidentity，输出声明：听
• 依赖方申请：
  • 领域： http: //namespace.servicebus.windows.net/myTopic/Subscriptions/mySubscription
  • 令牌格式：SWT
  • 代币寿命：10800
  • 身份提供者：无 (ACS)
  • 与上面列出的所有规则组相关联

我看到以下问题：

var manager = NamespaceManager.CreateFromConnectionString("Endpoint=sb://namespace.servicebus.windows.net/;SharedSecretIssuer=testidentity;SharedSecretValue=SSdtIE5vdCBUZWxsaW5n=");
var description = manager.GetSubscription("myTopic","mySubscription");

结果是UnauthoriszedAccessException - "The remote server returned an error: (401) Unauthorized."我希望能够检索描述，而不是收到此异常。有趣的是，这是身份可以访问的唯一领域，也是我唯一一次看到 UnauthorizedAccessException。

var subscriptions = manager.GetSubscriptions("myTopic");

结果为 a TimeoutException，内部异常类型为SecurityTokenException。我希望在UnauthorizedAccessException这里。

var client = SubscriptionClient.CreateFromConnectionString("Endpoint=sb://namespace.servicebus.windows.net/;SharedSecretIssuer=testidentity;SharedSecretValue=SSdtIE5vdCBUZWxsaW5n=", "myTopic", "otherSubscription");
var message = client.Receive()

结果是 message null，但我再次期待一个UnauthorizedAccessException. 检查输出，我看到输出窗口中出现异常但被客户端吞下：

A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll

同样，尝试创建主题、发送消息等也会导致TimeoutException.

当尝试访问服务身份无权访问的领域时，这是正确的行为，而不是我期望收到的UnauthorizedAccessException？

我猜该设置确实具有预期的结果 - 身份无法侦听订阅领域所标识的订阅以外的订阅，身份与其关联的侦听规则，但我担心错误反馈不清楚，并将导致连续重试。

任何建议将不胜感激。

Answer 1

8/22 之后通过 Azure 门户创建的新 SB 命名空间不再生成伴随的 ACS 命名空间。因此，您收到的超时完全有可能是正确的行为。

要生成 ACS 命名空间，请尝试使用 new-azuresbnamespace PowerShell cmdlet 创建 SB 命名空间。

Answer 2

其中一些令牌的生命周期/过期时间有限。因此，如果您使用的令牌已过期，则可能会导致您遇到的授权错误。