具有对象 ID 的客户端无权在范围内执行操作“Microsoft.Web/serverfarms/read"

本文介绍了具有对象 ID 的客户端无权在范围内执行操作“Microsoft.Web/serverfarms/read"的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

限时送ChatGPT账号..

我正在使用 Azure 应用服务 API 来查看服务器详细信息，例如工作进程和区域等，以进行管理.从 AuthenticationContext.AcquireTokenAsync 方法生成令牌后，我请求以下 URL 以获取服务器详细信息 https://management.azure/subscriptions/_{/resourceGroups/<资源组名称>/providers/Microsoft.Web/serverfarms/?api-version=2018-02-01}

I am using Azure app service api to view server details like worker process and region etc. for management purpose. After generating token from AuthenticationContext.AcquireTokenAsync method, I am requesting following URL for server details https://management.azure/subscriptions/<sub ID>/resourceGroups/<resource group name>/providers/Microsoft.Web/serverfarms/?api-version=2018-02-01

在响应中，我收到 AuthorizationFailed 错误代码，详细信息如下:

In the response I am getting AuthorizationFailed error code with the detail given bellow:

客户端无权在范围/subscriptions/xxxxxxxx-xxxxxxx-xxxx/resourceGroups/xxxxxxxxxxx/providers/Microsoft.Web/serverfarms/xxxx"或范围内执行操作Microsoft.Web/serverfarms/read"是无效的.如果最近授予了访问权限，请刷新您的凭据.

The client does not have authorization to perform action 'Microsoft.Web/serverfarms/read' over scope '/subscriptions/xxxxxxxx-xxxxxxx-xxxx/resourceGroups/xxxxxxxxxxx/providers/Microsoft.Web/serverfarms/xxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.

但是当我使用 https 尝试相同的验证时://docs.microsoft/en-us/rest/api/appservice/appserviceenvironments/get 门户，我可以在其中尝试 API 进行测试，请求正在返回预期结果.

But when I try the same verification using https://docs.microsoft/en-us/rest/api/appservice/appserviceenvironments/get portal where I can try the APIs for testing, the request is returning expected results.

那么，还有其他方法可以进行身份​​验证，还是我必须定义一些权限才能实现该功能?

So, is there any other way to authenticate or should I have to define some permissions to achieve the functionality?

推荐答案

您使用的服务主体在该租户中没有权限.

The service principal you are using doesn't have rights within that tenant.

租户有订阅，服务主体属于租户.Azure 资源管理器还为给定主体公开基于角色的授权，这将授予它对 Azure 资源的权限.服务主体似乎无权读取该订阅.

Tenants have subscriptions and service principals belong to tenants. Azure resource manager also exposes role based authorization for a given principal, which would give it rights on Azure resources. It appears the service principal doesn't have rights to read from that subscription.

转到门户并找到您的订阅，点击Access Control (IAM)，然后点击Add role assignment with 对应的服务主体用于获取令牌.

Go to portal and find your subscription, click on Access Control (IAM) and then click on Add role assignment with correspond service principal which you use to acquire token.

成功授予权限后，刷新并重试.

After you have given successful permission, refresh and try again.

这篇关于具有对象 ID 的客户端无权在范围内执行操作“Microsoft.Web/serverfarms/read"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！