0

我可以使用 Azure 管理 REST API 将自定义域添加到我的 Azure 应用服务。我还需要通过将应用托管证书添加到我的应用服务来保护该自定义域。

static string _ClientId = Startup.StaticConfig.GetValue<string>("Azure:ClientId");
static string _ClientKey = Startup.StaticConfig.GetValue<string>("Azure:ClientSecret");
static string _TenantId = Startup.StaticConfig.GetValue<string>("Azure:TenantId");
static string _SubscriptionId = Startup.StaticConfig.GetValue<string>("Azure:SubscriptionId");
static string _ResourceGroupName = Startup.StaticConfig.GetValue<string>("Azure:ResourceGroupName");
static string _AppName = Startup.StaticConfig.GetValue<string>("Azure:AppName");
static string _AppServicePlanName = Startup.StaticConfig.GetValue<string>("Azure:AppServicePlanName");

public static string ResourceGroupName { get => _ResourceGroupName; set => _ResourceGroupName = value; }

public static async Task<HttpStatusCode> AddHostNameFromForumResponse(string sHostName)
{
    HttpResponseMessage responseMessage;
    var appId = _ClientId;
    var secretKey = _ClientKey;
    var tenantId = _TenantId;
    var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
    ClientCredential clientCredential = new ClientCredential(appId, secretKey);
    var tokenResponse = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result;
    var accessToken = tokenResponse.AccessToken;
    
    using (var client = new HttpClient())
    {
        client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken);
        var baseUrl = new Uri($"https://management.azure.com/");
        var requestURl = baseUrl + $"subscriptions/{_SubscriptionId}/resourceGroups/{_ResourceGroupName}/providers/Microsoft.Web/sites/{_AppName}/hostNameBindings/{sHostName}?api-version=2016-08-01";
        string body = $"{{\"properties\": {{\"azureResourceName\": \"{_AppName}\"}}}}";
        var stringContent = new StringContent(body, Encoding.UTF8, "application/json");
        responseMessage = await client.PutAsync(requestURl, stringContent);


        if (((long)responseMessage.StatusCode == 200)) // Trying to create the app managed certificate here
        {
            //requestURl = baseUrl + $"subscriptions/{_SubscriptionId}/resourceGroups/{_ResourceGroupName}/providers/Microsoft.Web/certificates/{sHostName}?api-version=2019-08-01";
            requestURl = baseUrl + $"subscriptions/{_SubscriptionId}/resourceGroups/{_ResourceGroupName}/providers/Microsoft.Web/certificates/{sHostName}?api-version=2021-02-01";
            var serverFarm = $"/subscriptions/{_SubscriptionId}/resourceGroups/{_ResourceGroupName}/providers/Microsoft.Web/serverfarms/{_AppServicePlanName}";
            body = $"{{\"location\": \"West US\", \"properties\": {{\"canonicalName\": \"{sHostName}\", \"hostNames\": [\"{sHostName}\"], \"serverFarmId\": \"{serverFarm}\"}}}}";
            stringContent = new StringContent(body, Encoding.UTF8, "application/json");
            responseMessage = await client.PutAsync(requestURl, stringContent);
        }
    }

    return responseMessage.StatusCode;

我可以添加域,但是当我尝试 PUT 应用程序托管证书时,我收到 response message 404 - Not Found

我最初关注的是https://docs.microsoft.com/en-us/answers/questions/491924/creating-app-service-managed-certificates-via-api.html,它的 api 版本为 2019-08-01 ,但后来我发现https://docs.microsoft.com/en-us/rest/api/appservice/certificates/create-or-update的 api 版本为 2021-02-01。

我对serverFarm AppServicePlanName.

应用服务计划

注意(B1: 1). 不确定这是否是应用服务名称的一部分。我试过有无。这似乎没有什么不同。

以下是相关值:

requestUrl = https://management.azure.com/subscriptions/xxx-xx-4c7e01d9a379/resourceGroups/MyResourceGroup/providers/Microsoft.Web/certificates/contoso.com?api-version=2021-02-01

serverFarm = /subscriptions/xxx-xx-4c7e01d9a379/resourceGroups/MyResourceGroup/providers/Microsoft.Web/serverfarms/ResourceGroup-80c2

{"location": "East US", "properties": {"canonicalName": "contoso.com", "hostNames": ["contoso.com"], "serverFarmId": "/subscriptions/9497817f-xxxx-479a-bb9f-4c7e01d9a379/resourceGroups/MyShoppingCartResourceGroup/providers/Microsoft.Web/serverfarms/ASP-ResourceGroup-80c2"}}

请求正文

为什么我会收到 404 Not Found?有人有想法么?

编辑:分享答案

我解决了这个问题。显然,应用服务计划名称有 2 个不同版本。我认为这只是为了使事情过于复杂。当我创建域时,这不是问题。这只是为域创建证书时的一个问题。创建证书时,您必须在 serverFarm 中使用这两个版本的应用服务计划名称。查看我的应用服务计划的屏幕截图:

在此处输入图像描述

这是 serverFarm Id 的正确版本:

/subscriptions/xxx-xx-xxxx-xx-xxx-4c7e01d9a379/resourceGroups/X-XXX-Resource-Group/providers/Microsoft.Web/serverfarms/XXX-XXXResourceGroup-80c2

在 /resourceGroups 之后,将我突出显示的那个放在黄色中。在服务器农场放另一个之后,没有(B1:1)。

4

1 回答 1

0

这是我用来创建自定义域和创建证书的完整代码。

using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

namespace MyShoppingCart.Helpers.ManagementLibrarySample
{
    public class ManagementLibrarySample
    {

        static string _ClientId = Startup.StaticConfig.GetValue<string>("Azure:ClientId");
        static string _ClientKey = Startup.StaticConfig.GetValue<string>("Azure:ClientSecret");
        static string _TenantId = Startup.StaticConfig.GetValue<string>("Azure:TenantId");
        static string _SubscriptionId = Startup.StaticConfig.GetValue<string>("Azure:SubscriptionId");
        static string _ResourceGroupName = Startup.StaticConfig.GetValue<string>("Azure:ResourceGroupName");
        static string _AlternateResourceGroupName = Startup.StaticConfig.GetValue<string>("Azure:AlternateResourceGroupName");
        static string _AppName = Startup.StaticConfig.GetValue<string>("Azure:AppName");
        static string _AppServicePlanName = Startup.StaticConfig.GetValue<string>("Azure:AppServicePlanName");

        public static async Task<HttpStatusCode> AddHostNameFromForumResponse(string sHostName)
        {
            HttpResponseMessage responseMessage;
            var appId = _ClientId;
            var secretKey = _ClientKey;
            var tenantId = _TenantId;
            var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
            ClientCredential clientCredential = new ClientCredential(appId, secretKey);
            var tokenResponse = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result;
            var accessToken = tokenResponse.AccessToken;

            using (var client = new HttpClient())
            {
                client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken);
                var baseUrl = new Uri($"https://management.azure.com/");
                var requestURl = baseUrl + $"subscriptions/{_SubscriptionId}/resourceGroups/{_ResourceGroupName}/providers/Microsoft.Web/sites/{_AppName}/hostNameBindings/{sHostName}?api-version=2016-08-01";
                string body = $"{{\"properties\": {{\"azureResourceName\": \"{_AppName}\"}}}}";
                var stringContent = new StringContent(body, Encoding.UTF8, "application/json");
                responseMessage = await client.PutAsync(requestURl, stringContent);


                if (((long)responseMessage.StatusCode == 200)) // Trying to create the app managed certificate here
                {
                    requestURl = baseUrl + $"subscriptions/{_SubscriptionId}/resourceGroups/{_ResourceGroupName}/providers/Microsoft.Web/certificates/{sHostName}?api-version=2021-02-01";

                    var serverFarm = $"/subscriptions/{_SubscriptionId}/resourceGroups/{_AlternateResourceGroupName}/providers/Microsoft.Web/serverfarms/{_AppServicePlanName}";

                    body = $"{{\"location\": \"West US\", \"properties\": {{\"canonicalName\": \"{sHostName}\", \"hostNames\": [\"{sHostName}\"], \"serverFarmId\": \"{serverFarm}\"}}}}";

                    stringContent = new StringContent(body, Encoding.UTF8, "application/json");
                    responseMessage = await client.PutAsync(requestURl, stringContent);
                }
            }

            return responseMessage.StatusCode;
        }
    }
}

这个名为的新变量_AlternateResourceGroupName是我原始帖子中以黄色突出显示的变量。

我仍然需要弄清楚的是如何将证书关联并绑定到自定义域名。如果有人有任何想法,请告诉我。

于 2022-01-23T05:16:22.453 回答