Azure linked services with data factory custom activity


Question

I am not able to create linked services using Azure Data Factory (ADF). I have read/write permission for linked services at the ADF level.

using Microsoft.Azure.Management.ResourceManager;
using Microsoft.Azure.Management.DataFactory;
using Microsoft.Azure.Management.DataFactory.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

LinkedServiceResource storageLinkedService = new LinkedServiceResource(
    new AzureStorageLinkedService
    {
        ConnectionString = new SecureString(
            "DefaultEndpointsProtocol=https;AccountName=" + storageAccount + ";AccountKey=" + storageKey)
    }
);
client.LinkedServices.CreateOrUpdate(resourceGroup, dataFactoryName, storageLinkedServiceName, storageLinkedService);

BTW I used both client credential as well as user credential

ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
var cc = new UserPasswordCredential(userName, password);

Error response using client credentials:

Microsoft.Azure.Management.DataFactory.Models.ErrorResponseException: 
Operation returned an invalid status code 'Forbidden'
at Microsoft.Azure.Management.DataFactory.LinkedServicesOperations.
<CreateOrUpdateWithHttpMessagesAsync>d__6.MoveNext() --- End of stack 
trace from previous location where exception was thrown ---

Error response using user credentials:

System.Net.Http.HttpRequestException:  Response status code does not 
indicate success: 401 (Unauthorized). ---> 
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: 
{"error":"invalid_client","error_description":"AADSTS70002: The 
request body must contain the following parameter: 'client_secret or 
client_assertion'.\r\nTrace ID: 2264d637-8786-4a40-96d4-
5d27b0670300\r\nCorrelation ID: fec688c8-bb92-49c2-86d3-
1e091181fe10\r\nTimestamp: 2017-11-29 05:30:23Z","error_codes":
[70002],"timestamp":"2017-11-29 05:30:23Z","trace_id":"2264d637-8786-
4a40-96d4-5d27b0670300","correlation_id":"fec688c8-bb92-49c2-86d3-
1e091181fe10"}: Unknown error
--- End of inner exception stack trace ---

Answer

According to your exception, it seems that you use the resource owner flow from a web client. A confidential client, such as a web App client, cannot use direct user credentials.

You would need to invoke it as a public client (native client app), not as a confidential client (web app/API). Please refer to this document for more about how to use ADAL, especially the Constraints & Limitations section.

No web sites/confidential clients: This is not an ADAL limitation, but an AAD setting. You can only use those flows from a native client. A confidential client, such as a web site, cannot use direct user credentials.

To access resources in your subscription, you need to assign a role to the registered App.

Please try using the following to get TokenCredentials. The following is the demo code to create linked services. It works correctly on my side. We can also refer to this document.

        // Acquire an ARM access token with the client-credentials flow (service principal).
        private static async Task<string> GetToken(string tenantId, string clientId, string secretKey)
        {
            var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
            ClientCredential clientCredential = new ClientCredential(clientId, secretKey);
            var tokenResponse = await context.AcquireTokenAsync("https://management.azure.com/", clientCredential);
            var accessToken = tokenResponse.AccessToken;
            return accessToken;
        }

        // TokenCredentials comes from Microsoft.Rest.
        var token = GetToken(_tenantId, _clientId, _screctKey).Result;
        TokenCredentials credentials = new TokenCredentials(token);
        DataFactoryManagementClient client = new DataFactoryManagementClient(credentials) { SubscriptionId = subscriptionId };
        LinkedServiceResource storageLinkedService = new LinkedServiceResource(new AzureStorageLinkedService
        {
            ConnectionString = new SecureString("DefaultEndpointsProtocol=https;AccountName=" + storageAccount + ";AccountKey=" + storageKey)
        });

        var result = client.LinkedServices.CreateOrUpdateWithHttpMessagesAsync(resourceGroup, factoryName, storageLinkedServiceName, storageLinkedService).Result;
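
An added example, not part of the original answer: when the client-credential call returns `Forbidden`, decoding the token returned by `GetToken` shows which application and service principal the request ran as, which is the identity that needs the role assignment. The class and method names are hypothetical, the sample token is constructed with placeholder GUIDs, and `aud`, `tid`, `appid`, `oid` are assumed to be present as in Azure AD v1 access tokens.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Newtonsoft.Json.Linq;

// Hypothetical diagnostic helper (not from the original answer).
public static class TokenInspector
{
    // Claims that identify who the ARM request runs as.
    private static readonly string[] ClaimsOfInterest = { "aud", "tid", "appid", "oid", "upn", "exp" };

    // Decodes the JWT payload WITHOUT validating the signature: diagnosis only, never authorization.
    public static IDictionary<string, string> ReadIdentityClaims(string accessToken)
    {
        var parts = accessToken.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected a JWT with three dot-separated segments.");

        // Convert base64url to standard base64 and restore the stripped padding.
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var payload = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));

        var found = new Dictionary<string, string>();
        foreach (var name in ClaimsOfInterest)
        {
            var value = payload[name];
            if (value != null) found[name] = value.ToString();
        }
        return found;
    }

    public static void Main()
    {
        // Constructed sample payload; a real token would come from GetToken(...).
        var samplePayload = "{\"aud\":\"https://management.azure.com/\",\"tid\":\"00000000-0000-0000-0000-000000000001\","
            + "\"appid\":\"00000000-0000-0000-0000-000000000002\",\"oid\":\"00000000-0000-0000-0000-000000000003\"}";
        var segment = Convert.ToBase64String(Encoding.UTF8.GetBytes(samplePayload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var sampleToken = "e30." + segment + ".sig";   // "e30" is base64url for "{}"

        // Print only the identifying claims, never the token itself.
        foreach (var claim in ReadIdentityClaims(sampleToken))
            Console.WriteLine(claim.Key + " = " + claim.Value);
        // aud should be the ARM resource; oid is the principal that needs the role assignment.
    }
}
```

If `aud` is the ARM resource and the call is still forbidden, compare `oid` with the principals that hold a role on the data factory or its resource group.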
