Question
I am not able to create linked services using Azure Data Factory (ADF). I have read/write permission for linked services at the ADF level.
    using Microsoft.Azure.Management.ResourceManager;
    using Microsoft.Azure.Management.DataFactory;
    using Microsoft.Azure.Management.DataFactory.Models;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    LinkedServiceResource storageLinkedService = new LinkedServiceResource(
        new AzureStorageLinkedService
        {
            ConnectionString = new SecureString("DefaultEndpointsProtocol=https;AccountName=" +
                storageAccount + ";AccountKey=" + storageKey)
        }
    );
    client.LinkedServices.CreateOrUpdate(resourceGroup,
        dataFactoryName, storageLinkedServiceName, storageLinkedService);
BTW, I used both the client credential and the user credential:

    // Attempt 1: client credential
    ClientCredential cc = new ClientCredential(applicationId, authenticationKey);
    // Attempt 2: user credential
    var cc = new UserPasswordCredential(userName, password);
Error Response for using Client credential:
    Microsoft.Azure.Management.DataFactory.Models.ErrorResponseException: Operation returned an invalid status code 'Forbidden'
       at Microsoft.Azure.Management.DataFactory.LinkedServicesOperations.<CreateOrUpdateWithHttpMessagesAsync>d__6.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
Error Response for using User credential:
    System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized). ---> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\r\nTrace ID: 2264d637-8786-4a40-96d4-5d27b0670300\r\nCorrelation ID: fec688c8-bb92-49c2-86d3-1e091181fe10\r\nTimestamp: 2017-11-29 05:30:23Z","error_codes":[70002],"timestamp":"2017-11-29 05:30:23Z","trace_id":"2264d637-8786-4a40-96d4-5d27b0670300","correlation_id":"fec688c8-bb92-49c2-86d3-1e091181fe10"}: Unknown error
    --- End of inner exception stack trace ---
Answer 1:
According to your exception, it seems that you use the resource owner flow from a web client. A confidential client, such as a web App client, cannot use direct user credentials.
You would need to invoke it as a public client (native client app), not as a confidential client (web app/API). Please refer to this document for more about how to use ADAL, especially the Constraints & Limitations section:
No web sites/confidential clients: This is not an ADAL limitation, but an AAD setting. You can only use those flows from a native client. A confidential client, such as a web site, cannot use direct user credentials.
To access resources in your subscription, you need to assign a role to the registered App.
Please try the following to get TokenCredentials. The following is the demo code to create linked services. It works correctly on my side. We could also refer to this document.
    using System.Threading.Tasks;
    using Microsoft.Azure.Management.DataFactory;
    using Microsoft.Azure.Management.DataFactory.Models;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.Rest; // TokenCredentials

    // Acquire an Azure Resource Manager token with the app's client credential (client ID + secret).
    private static async Task<string> GetToken(string tenantId, string clientId, string secretKey)
    {
        var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
        ClientCredential clientCredential = new ClientCredential(clientId, secretKey);
        var tokenResponse = await context.AcquireTokenAsync("https://management.azure.com/", clientCredential);
        var accessToken = tokenResponse.AccessToken;
        return accessToken;
    }

    // Build the management client from the token, then create the linked service.
    var token = GetToken(_tenantId, _clientId, _screctKey).Result;
    TokenCredentials credentials = new TokenCredentials(token);
    DataFactoryManagementClient client = new DataFactoryManagementClient(credentials) { SubscriptionId = subscriptionId };
    LinkedServiceResource storageLinkedService = new LinkedServiceResource(new AzureStorageLinkedService
    {
        ConnectionString = new SecureString("DefaultEndpointsProtocol=https;AccountName=" + storageAccount + ";AccountKey=" + storageKey)
    });
    var result = client.LinkedServices.CreateOrUpdateWithHttpMessagesAsync(resourceGroup, factoryName, storageLinkedServiceName, storageLinkedService).Result;
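
Added example, not part of the original question or answer: a small helper that tells the two failures in this thread apart, the 401 with AADSTS70002 (authentication, no token issued) and the 403 Forbidden from the management API (authorization, token accepted but no role). The names LinkedServiceDiagnostics, Diagnose and CreateWithDiagnosis are hypothetical, and the Data Factory Contributor role is given only as one built-in role that could be assigned.

```csharp
using System;
using System.Net;
using Microsoft.Azure.Management.DataFactory;
using Microsoft.Azure.Management.DataFactory.Models;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper for illustration; not from the original answer or the SDK.
public static class LinkedServiceDiagnostics
{
    // Walks the exception chain (including the AggregateException produced by .Result)
    // and separates the authentication failure from the authorization failure.
    public static string Diagnose(Exception ex)
    {
        for (Exception e = ex; e != null; e = e.InnerException)
        {
            // AADSTS70002 as in the question: the app registration is a confidential
            // client, so Azure AD requires client_secret or client_assertion and
            // rejects the username/password grant. No token was issued at all.
            if (e is AdalException adal && adal.Message.Contains("AADSTS70002"))
                return "authentication: confidential client cannot use user credentials; "
                     + "use ClientCredential, or a native (public) client registration";

            // 403 as in the question: the token was accepted, but the principal holds
            // no role on the factory that permits writing linked services.
            if (e is ErrorResponseException arm
                && arm.Response?.StatusCode == HttpStatusCode.Forbidden)
                return "authorization: assign the registered app a role on the data factory "
                     + "(for example the built-in Data Factory Contributor role)";
        }
        return "unclassified: " + ex.GetType().Name;
    }

    // Same call as in the answer, with the failure classified before it is rethrown.
    public static void CreateWithDiagnosis(DataFactoryManagementClient client,
        string resourceGroup, string factoryName, string name, LinkedServiceResource resource)
    {
        try
        {
            client.LinkedServices.CreateOrUpdate(resourceGroup, factoryName, name, resource);
        }
        catch (Exception ex)
        {
            // Log only the classification: exception text may carry request details.
            Console.Error.WriteLine(Diagnose(ex));
            throw;
        }
    }
}
```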
Source: https://stackoverflow.com/questions/47546517/azure-linked-services-with-data-factory-custom-activity