Powershell 访问正常,但 AzureCliCredential 失败,显示 “Principal X is not authorized”。

huangapple go评论96阅读模式
英文:

Powershell access works but AzureCliCredential fails with "Principal X is not authorized"

问题

在VS Code中的Polyglot笔记本中,执行以下代码后:

az login --tenant xyz

我可以执行以下操作:

az iot hub device-twin show --hub-name 'hub1' --device-id 'John' --query 'properties.desired' --output json --subscription 'sub1'

这很棒。

不幸的是,在尝试使用C#获取设备的Twin时,我无法使AzureCredential的任何提供程序正常工作。例如:

var hub = "hub1.azure-devices.net";
var deviceId = "John";

var credential = new AzureCliCredential(new AzureCliCredentialOptions { TenantId = "xyz", });

var rm = RegistryManager.Create(hub, credential);

var twin = await rm.GetTwinAsync(deviceId); // 这会失败

失败并显示以下错误:

错误: Microsoft.Azure.Devices.Common.Exceptions.UnauthorizedException: {"Message":"ErrorCode:IotHubUnauthorized;Principal @.com is not authorized for GET on /twins/John due to no assigned permissions","ExceptionMessage":"Tracking ID:abc:0-TimeStamp:06/26/2023 07:44:12"}

当使用InteractiveBrowserCredential时,错误相同。

使用连接字符串可以正常工作:

var rm = RegistryManager.CreateFromConnectionString("HostName=hub1.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=abc=");

var twin = await rm.GetTwinAsync(deviceId); // 这可以正常工作

问:我是否可以使用AzureCliCredential/InteractiveBrowserCredential通过我的个人帐户进行Azure身份验证?

所包含的库是:

#i "nuget:https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet5/nuget/v3/index.json"
#i "nuget:https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json"

#r "nuget:Azure.Identity"
#r "nuget:Microsoft.Extensions.Azure"
#r "nuget:Microsoft.Azure.Devices"

using Azure.Identity;
using Microsoft.Extensions.Azure;
using Microsoft.Azure.Devices;
英文:

In a Polyglot Notebook in VS Code, after

az login --tenant xyz

I can

az iot hub device-twin show --hub-name 'hub1' --device-id 'John' --query 'properties.desired' --output json --subscription 'sub1'

This is great.

Sadly, when trying to get the twin using c# I cannot get any of the AzureCredential`s providers to work. For example:

var hub = "hub1.azure-devices.net";
var deviceId = "John";


var credential = new AzureCliCredential(new AzureCliCredentialOptions { TenantId = "xyz", }); 

var rm = RegistryManager.Create(hub, credential);

var twin = await rm.GetTwinAsync(deviceId); // This fails

fails with:

> Error: Microsoft.Azure.Devices.Common.Exceptions.UnauthorizedException: {"Message":"ErrorCode:IotHubUnauthorized;Principal <edited>@<edited>.com is not authorized for GET on /twins/John due to no assigned permissions","ExceptionMessage":"Tracking ID:abc:0-TimeStamp:06/26/2023 07:44:12"}
>

The error is the same when trying with InteractiveBrowserCredential.

Using a connection string works:

var rm = RegistryManager.CreateFromConnectionString("HostName=hub1.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=abc=");
            
var twin = await rm.GetTwinAsync(deviceId); // This works

Q: Can I authenticate to Azure with my personal account using AzureCliCredential/ InteractiveBrowserCredential?


The included libraries are:

#i "nuget:https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet5/nuget/v3/index.json" 
#i "nuget:https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" 

#r "nuget:Azure.Identity"
#r "nuget:Microsoft.Extensions.Azure"
#r "nuget:Microsoft.Azure.Devices"

using Azure.Identity;
using Microsoft.Extensions.Azure;
using Microsoft.Azure.Devices;

答案1

得分: 1

>错误:Microsoft.Azure.Devices.Common.Exceptions.UnauthorizedException:{"Message":“ErrorCode:IotHubUnauthorized;Principal <edited>@<edited>.com is not authorized for GET on /twins/John due to no assigned permissions”,“ExceptionMessage”:“Tracking ID:abc:0-TimeStamp:06/26/2023 07:44:12”}

当您没有适当的角色来访问使用凭据的设备 ID 时会发生上述错误。

您需要为您的用户使用 IoT Hub Data Contributor 角色,并且您可以使用 Defaultazurecredential 在 C# 中获取双子。

角色:
Powershell 访问正常,但 AzureCliCredential 失败,显示 “Principal X is not authorized”。

使用 Defaultazurecredential 和相同的代码成功执行。

代码:

using Azure.Identity;
using Microsoft.Azure.Devices;

var hub = "<your-hub-name>.azure-devices.net";
var deviceId = "<your-device-name>";

var credential = new DefaultAzureCredential();
var rm = RegistryManager.Create(hub, credential);
var twin = await rm.GetTwinAsync(deviceId);
Console.WriteLine(twin.DeviceScope);

输出:

{
  "$metadata": {
    "$lastUpdated": "2021-08-11T05:22:12.3717129Z"
  },
  "$version": 1
}

Powershell 访问正常,但 AzureCliCredential 失败,显示 “Principal X is not authorized”。


<details>
<summary>英文:</summary>

&gt;Error:Microsoft.Azure.Devices.Common.Exceptions.UnauthorizedException: {&quot;Message&quot;:&quot;ErrorCode:IotHubUnauthorized;Principal &lt;edited&gt;@&lt;edited&gt;.com is not authorized for GET on /twins/John due to no assigned permissions&quot;,&quot;ExceptionMessage&quot;:&quot;Tracking ID:abc:0-TimeStamp:06/26/2023 07:44:12&quot;}

The above error occurs when you don&#39;t have the proper role to access the device id using credentials.

You need to use **`IoT Hub Data Contributor`** role for your user and you can use the [Defaultazurecredential](https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme?view=azure-dotnet#defaultazurecredential) to fetch the twin using c# .

**Role:**
![enter image description here](https://i.imgur.com/V7fGcFr.png)

Used the same code with Defaultazurecredential and it executed successfully.

**Code:**

     using Azure.Identity;
     using Microsoft.Azure.Devices;
        
        
        var hub = &quot;&lt;your-hub-name&gt;.azure-devices.net&quot;;
        var deviceId = &quot;&lt;your-device-name&gt;&quot;;
        
        var credential = new DefaultAzureCredential();
        var rm = RegistryManager.Create(hub, credential);
        var twin = await rm.GetTwinAsync(deviceId);
        Console.WriteLine(twin.DeviceScope);

**Output:**

    {
      &quot;$metadata&quot;: {
        &quot;$lastUpdated&quot;: &quot;2021-08-11T05:22:12.3717129Z&quot;
      },
      &quot;$version&quot;: 1
    }
![enter image description here](https://i.imgur.com/rlreu9J.png)

    
   

</details>



huangapple
  • 本文由 发表于 2023年6月26日 16:14:52
  • 转载请务必保留本文链接:https://go.coder-hub.com/76554781.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定