This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Managed identity error #603

Open
markgould opened this issue Nov 9, 2018 · 5 comments

@markgould

markgould commented Nov 9, 2018

I'm attempting to use TokenProvider.CreateManagedServiceIdentityTokenProvider() to log in and I'm getting an error. This is running through Visual Studio or from a command prompt. I haven't attempted to deploy to an actual container yet until I can get this to work.

    <Error><Code>401</Code><Detail>MalformedToken: Invalid authorization header: The request is missing WRAP authorization credentials. TrackingId:0910eebc-76b3-414a-b45d-fabca4df9477_G33, SystemTracker:[namespace].servicebus.windows.net:[queue], Timestamp:11/9/2018 4:36:45 PM</Detail></Error>

Here is the request header:

    GET /[queue]?api-version=2017-04&enrich=False HTTP/1.1
    Authorization: [jwt]
    UserAgent: SERVICEBUS/2017-04(api-origin=.NETStandard,Version=v2.0;os=Microsoft Windows 10.0.17134 ;version=3.1.0.0;product=Microsoft.Azure.ServiceBus)
    Host: [namespace].servicebus.windows.net

I confirmed Azure Service Authentication has the right account set in VS and I decoded the JWT and it does appear to be correct (pointing to my local developer account).

Am I missing something?
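The triage step described in the post above (decoding the JWT and checking that it looks right), as an added example that is not code from this thread or from the Service Bus SDK. It decodes the claims without verifying the signature and checks `aud`, `exp` and `nbf`; the function names and the `EXPECTED_AUD` value are assumptions made here, and the sample token is constructed.

```python
import base64
import json
import time

# Assumption: the audience Azure AD puts in Service Bus tokens; the thread does not state it.
EXPECTED_AUD = "https://servicebus.azure.net/"

def _decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def inspect_jwt(token, now=None, expected_aud=EXPECTED_AUD):
    """Return (claims, problems). The signature is NOT verified: triage only."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {}, ["not a three-part compact JWT"]
    try:
        header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON all derive from ValueError
        return {}, ["header or payload is not base64url-encoded JSON"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("token is unsigned (alg=none)")
    aud = claims.get("aud")  # RFC 7519 allows a single string or a list of strings
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} is not {expected_aud!r}")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    if isinstance(claims.get("nbf"), (int, float)) and claims["nbf"] > now:
        problems.append("token is not valid yet (nbf in the future)")
    return claims, problems

def make_sample_token(claims, alg="RS256"):
    """Constructed sample for the demo: real structure, placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    sample = make_sample_token({"aud": EXPECTED_AUD, "exp": 2_000_000_000, "nbf": 0})
    print(inspect_jwt(sample))
```

A token that passes these checks can still be rejected by an endpoint that does not accept Azure AD tokens, which is what the contributor's reply in this thread reports for ManagementClient.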

@markgould
Author

Here is a simple repro:

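        using Microsoft.Azure.ServiceBus.Management;   // ManagementClient
        using Microsoft.Azure.ServiceBus.Primitives;   // TokenProvider

        static void Main(string[] args)
        {
            // Token provider backed by managed identity (locally: the Azure Service Authentication account)
            var token = TokenProvider.CreateManagedServiceIdentityTokenProvider();
            var client = new ManagementClient("sb://namespace.servicebus.windows.net/", token);
            // This call returns the 401 MalformedToken error shown above
            var desc = client.GetQueueAsync("QueueName").Result;
        }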

@AnthonyDewhirst

Hi Mark, did you get anywhere with this? I have hit the exact same problem. Can use the QueueClient with almost identical code successfully, however the ManagementClient is having none of it.

@markgould
Author

Unfortunately not. Hopefully we can get an answer here at some point.

@DominicJ2

I am also hitting this issue. I attempted to deploy the code to an Azure Function and see the same issue I saw locally.

@nemakam
Contributor

nemakam commented Jan 3, 2019

ManagementClient and the old client's NamespaceManager don't support MSI right now in the preview phase. The service needs a few more changes. Right now MSI can be used only with the ARM-based APIs for management.
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity#service-bus-roles-and-permissions
