问题描述
我有一个任务(我尝试使用辅助角色并上传控制台应用程序并运行 .exe),该任务应该每天运行一次并收集我的一些 VM 的 Azure 指标.这在本地完美运行,但在云服务上我收到此错误:
I have a task ( I tried with worker role and to upload a console app and run the .exe) that should run once a day and gather Azure Metrics of some of my VMs. This works flawlessly locally but on a cloud service I get this Error:
未处理的异常:Microsoft.WindowsAzure.CloudException:ForbiddenError:服务器未能对请求进行身份验证.验证证书是否有效并与此订阅相关联.在 Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSucces ...等.
Unhandled Exception: Microsoft.WindowsAzure.CloudException: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and associated with this subscription. at Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSucces ... etc.
发生这种情况的行是:
MetricDefinitionListResponse metricListResponse = metricsClient.MetricDefinitions.List(resourceId, null,
nspace);
这是我的代码的一部分:
This is part of my code:
string subscriptionId = "fc4xxxx5-835c-xxxx-xxx-xxxxxxx";
// The thumbprint of the certificate.
string thumbprint = "f5 b4 xxxxxxxx f7 c2";
// Get the certificate from the local store.
//X509Certificate2 cert = GetCertificate(StoreName.My, StoreLocation.LocalMachine, thumbprint);
//cert = GetCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint) ?? new X509Certificate2(("manageAzure.cer"));
var cert = new X509Certificate2(("manageAzure.cer"));
Console.WriteLine("Certificate is : " + cert);
// Create the metrics client.
var metricsClient = new MetricsClient(new CertificateCloudCredentials(subscriptionId, cert));
Console.WriteLine("metricsClient is : " + metricsClient);
// The cloud service name and deployment name, found in the dashboard of the management portal.
string cloudServiceName = "abms2-carlsberg";
string deploymentName = "abms2-carlsberg";
// Build the resource ID string.
string resourceId = ResourceIdBuilder.BuildVirtualMachineResourceId(cloudServiceName, deploymentName);
string nspace = "WindowsAzure.Availability";
// Get the metric definitions.
MetricDefinitionListResponse metricListResponse = metricsClient.MetricDefinitions.List(resourceId, null,
nspace);
我已将管理证书放置在我的解决方案中,并从那里加载它(它设置为始终复制),并且与我在本地运行时使用的相同(和相同的方式).
I have placed the management certificate in my solution, and I load it from there (it is set to always copy) and is the same (and the same way) I use when I run it locally.
那么它在抱怨认证"是什么证书"?我似乎看不出问题出在哪里.任何帮助将不胜感激,因为我已经用了整个下午!
So what "certificate" is it complaining about "to authenticate"? I can't seem to see what the problem is. Any help would be greatly appreciated as I have used the whole afternoon on this!
PS:我已经在提升模式下运行它了!
PS: I am already running this in elevated mode!
推荐答案
对于可能有这个问题的其他人,我已经按照底部的说明解决了:(http://www.dinohy.com/post/2013/11/12/403-Forbidden-when-Use-Azure-Management-REST-API-on-Role-instance.aspx)
For someone else that may have this issue, I have solved it as explained here in the bottom : (http://www.dinohy.com/post/2013/11/12/403-Forbidden-when-Use-Azure-Management-REST-API-on-Role-instance.aspx)
从以下位置下载发布设置文件:https://manage.windowsazure.com/publishsettings/index?client=vs&schemaversion=2.0(这是一个XML文件,可以用记事本打开)
Download the publishsettings file from:https://manage.windowsazure.com/publishsettings/index?client=vs&schemaversion=2.0 (This is a XML file, you can open it with notepad)
找到 ManagementCertificate 属性,将值复制到字符串中.那一个Base64编码的字符串,可以用这个字符串创建证书:string base64Cer="The value of ManagementCertificate"
Find ManagementCertificate property, copy the value to a string. That a Base64 encoded string, you can use this string create a certificate: string base64Cer="The value of ManagementCertificate "
使用此字符串创建证书.var 证书 = 新 X509Certificate2(base64Cer);
Use this string create a certificate. var certificate = new X509Certificate2(base64Cer);
虽然这最后一步并不完全像直接传递字符串(因为字符串太长会导致异常)而是如下:var cert = new X509Certificate2(Convert.FromBase64String(base64cer));
although this last step is not exactly like passing the string directly (as the string is too long and will cause an exception) but rather is as follows: var cert = new X509Certificate2(Convert.FromBase64String(base64cer));
希望这也能帮助到我这个职位的其他人.
Hope this will help someone else in my position too.
这篇关于Azure API 服务器未能对请求进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!