azure-service-bus-dotnet icon indicating copy to clipboard operation
azure-service-bus-dotnet copied to clipboard

Published 20 hours ago verified publisher icon Azure

Managed identity error

Open markgould opened this issue 6 years ago • 5 comments

I'm attempting to use TokenProvider.CreateManagedServiceIdentityTokenProvider() to login and I'm getting an error. This is running through Visual Studio or from a command prompt. I haven't attempted to deploy to an actual container yet until I can get this to work.

<Error><Code>401</Code><Detail>MalformedToken: Invalid authorization header: The request is missing WRAP authorization credentials. TrackingId:0910eebc-76b3-414a-b45d-fabca4df9477_G33, SystemTracker:[namespace].servicebus.windows.net:[queue], Timestamp:11/9/2018 4:36:45 PM</Detail></Error>

Here is the request header:

GET /[queue]?api-version=2017-04&enrich=False HTTP/1.1
Authorization: [jwt]
UserAgent: SERVICEBUS/2017-04(api-origin=.NETStandard,Version=v2.0;os=Microsoft Windows 10.0.17134 ;version=3.1.0.0;product=Microsoft.Azure.ServiceBus)
Host: [namespace].servicebus.windows.net

I confirmed Azure Service Authentication has the right account set in VS and I decoded the JWT and it does appear to be correct (pointing to my local developer account)

Am I missing something?

markgould avatar Nov 09 '18 16:11 markgould

Here is a simple repro:

        static void Main(string[] args)
        {
            var token = TokenProvider.CreateManagedServiceIdentityTokenProvider();           
            var client = new ManagementClient("sb://namespace.servicebus.windows.net/",  token);
            var desc = client.GetQueueAsync("QueueName").Result;
        }

markgould avatar Nov 12 '18 14:11 markgould

Hi Mark, did you get any where with this? I have hit the exact same problem. Can use the QueueClient with almost identical code successfully, however the ManagementClient is having non of it.

AnthonyDewhirst avatar Dec 09 '18 20:12 AnthonyDewhirst

Unfortunately not. Hopefully we can get an answer here at some point.

markgould avatar Dec 09 '18 20:12 markgould

I am also hitting this issue, I attempted to deploy the code to an Azure Function and see the same issue I saw locally.

DominicJ2 avatar Jan 03 '19 00:01 DominicJ2

ManagementClient and old client's NamespaceManger doesn't support MSI right now in preview phase. The service needs few more changes. Right not MSI can be used only with the ARM based APIs for management. https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity#service-bus-roles-and-permissions

nemakam avatar Jan 03 '19 19:01 nemakam