1

我的控制台应用程序在 Azure 规模集中的 VM 上运行,但无法使用 VMSS 托管服务标识连接到 Azure 服务总线。

当它尝试通过TokenProvider.CreateManagedServiceIdentityTokenProvider()获取访问令牌时会引发异常。

  1. 在虚拟机规模集 (VMSS) 上启用了标识(系统分配)。
  2. VMSS 标识在服务总线命名空间上分配了角色 Azure 服务总线数据所有者

是否有我遗漏的步骤或要求?

示例代码

var sbEndpoint = "sb://mysbnamespace.servicebus.windows.net/";
var sbQueueName = "myqueue";
var tokenProvider = TokenProvider.CreateManagedServiceIdentityTokenProvider();
var sendClient = new QueueClient( sbEndpoint, sbQueueName, tokenProvider );

await sendClient.SendAsync( new Message( Encoding.UTF8.GetBytes( "abc 123" )));

例外

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried the following 4 methods to get an access token, but none of them worked.

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "C:\Users\makr\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json"

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: .
Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. ERROR: Please run 'az login' to setup account.

Parameters: Connectionstring: [No connection string specified], Resource: https://servicebus.azure.net/, Authority: https://login.microsoftonline.com/common. 
Exception Message: Tried to get token using Active Directory Integrated Authentication. Access token could not be acquired. get_user_name_failed: Failed to get user name

Inner Exception : No mapping between account names and security IDs was done

   at Microsoft.Azure.ServiceBus.Core.MessageSender.<OnSendAsync>d__52.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\Core\MessageSender.cs:line 567
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.ServiceBus.RetryPolicy.<RunOperation>d__19.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\RetryPolicy.cs:line 82
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.ServiceBus.RetryPolicy.<RunOperation>d__19.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\RetryPolicy.cs:line 107
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Azure.ServiceBus.Core.MessageSender.<SendAsync>d__39.MoveNext() in C:\source\azure-service-bus-dotnet\src\Microsoft.Azure.ServiceBus\Core\MessageSender.cs:line 266
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at AzureServiceBusManagedSystemIdentity.Program.<TestSbMsi>d__10.MoveNext()
======================================================

package.config (带有使 MSI 身份验证工作的 nuget)

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Microsoft.Azure.Amqp" version="2.4.2" targetFramework="net472" />
  <package id="Microsoft.Azure.ServiceBus" version="3.4.0" targetFramework="net472" />
  <package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.3" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="4.5.1" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.JsonWebTokens" version="5.4.0" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Logging" version="5.4.0" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Tokens" version="5.4.0" targetFramework="net472" />
  <package id="Newtonsoft.Json" version="12.0.2" targetFramework="net472" />
  <package id="System.Diagnostics.DiagnosticSource" version="4.5.1" targetFramework="net472" />
  <package id="System.IdentityModel.Tokens.Jwt" version="5.4.0" targetFramework="net472" />
  <package id="System.IO" version="4.3.0" targetFramework="net472" />
  <package id="System.Net.WebSockets" version="4.3.0" targetFramework="net472" />
  <package id="System.Net.WebSockets.Client" version="4.3.2" targetFramework="net472" />
  <package id="System.Runtime" version="4.3.1" targetFramework="net472" />
  <package id="System.Runtime.Serialization.Primitives" version="4.3.0" targetFramework="net472" />
  <package id="System.Security.Cryptography.Algorithms" version="4.3.1" targetFramework="net472" />
 <package id="System.Security.Cryptography.Encoding" version="4.3.0" targetFramework="net472" />
 <package id="System.Security.Cryptography.Primitives" version="4.3.0" targetFramework="net472" />
 <package id="System.Security.Cryptography.X509Certificates" version="4.3.2" targetFramework="net472" />
</packages>
4

2 回答 2

1

根据异常消息,似乎未在 VMSS 上启用托管标识。您如何验证它是否已启用?

另外,您能否指定您使用的是哪个 Service Bus NuGet 包以及什么版本?

于 2019-06-13T05:17:23.050 回答
0

将 Nuget 包更新到彼此兼容的最新版本解决了该问题,请参阅 OP 中的包列表。

感谢@Varun 引导我找到一个明显的解决方案。

于 2019-06-13T07:40:57.357 回答