服务结构托管 Asp.net WebApi 容器应用程序:403 - 禁止访问:访问被拒绝。在本地集群上
Service fabric hosted Asp.net WebApi Container application : 403 - Forbidden : Access is denied. on local cluster
我正在尝试改进 Asp.net MVC 应用程序。我已经包含了我的 Asp.Net WebApi 应用程序并将其部署到 AzureContainerRegistry 并且我在服务结构应用程序中引用了容器。我的 ServiceManifest 看起来像这样
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="BookingApiServicePkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="BookingApiServiceType" UseImplicitHost="true" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ContainerHost>
<ImageName>bookingacr.azurecr.io/bookingapi</ImageName>
</ContainerHost>
</EntryPoint>
</CodePackage>
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<Endpoint Name="BookingApiServiceTypeEndpoint" Port="62651" UriScheme="http" Protocol="http"/>
</Endpoints>
</Resources>
</ServiceManifest>
应用程序清单如下所示
<ApplicationManifest ApplicationTypeName="BookingApiType"
ApplicationTypeVersion="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Parameters>
<Parameter Name="BookingApiService_InstanceCount" DefaultValue="-1" />
</Parameters>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="BookingApiServicePkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
<Policies>
<ContainerHostPolicies CodePackageRef="Code" ContainersRetentionCount="2" RunInteractive="true">
<HealthConfig IncludeDockerHealthStatusInSystemHealthReport="true" RestartContainerOnUnhealthyDockerHealthStatus="false" />
<PortBinding ContainerPort="80" EndpointRef="BookingApiServiceTypeEndpoint" />
</ContainerHostPolicies>
</Policies>
</ServiceManifestImport>
<DefaultServices>
<Service Name="BookingApiService" ServicePackageActivationMode="ExclusiveProcess">
<StatelessService ServiceTypeName="BookingApiServiceType" InstanceCount="[BookingApiService_InstanceCount]">
<SingletonPartition />
</StatelessService>
</Service>
</DefaultServices>
</ApplicationManifest>
生成的 Url 是 MachineName:PortNumber(http://desktopm423:62651on 我的本地系统)但是在访问它时它显示
403 - Forbidden: Access is denied.
当部署到 ServiceFabric 实例时,我得到 IP 地址,消息是
Service Not found
看起来您的证书服务结构证书有问题,您必须将所有证书添加到计算机本地 Cert/root 和所有当前用户证书中
只要您不配置任何 Andmin 客户端证书,您对资源管理器 (:19080/Explorer) 的所有请求都会以 403 结束。
您可以在门户中添加管理员客户端证书的指纹:
以下是相同的 ARM 设置:-
{
"type": "Microsoft.ServiceFabric/clusters",
...
"properties": {
...
"ClientCertificateThumbprints": [
{
"CertificateThumbprint": "THUMBPRINT_HERE",
"IsAdmin": true
}
],
...
}
}
我正在尝试改进 Asp.net MVC 应用程序。我已经包含了我的 Asp.Net WebApi 应用程序并将其部署到 AzureContainerRegistry 并且我在服务结构应用程序中引用了容器。我的 ServiceManifest 看起来像这样
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="BookingApiServicePkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="BookingApiServiceType" UseImplicitHost="true" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ContainerHost>
<ImageName>bookingacr.azurecr.io/bookingapi</ImageName>
</ContainerHost>
</EntryPoint>
</CodePackage>
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<Endpoint Name="BookingApiServiceTypeEndpoint" Port="62651" UriScheme="http" Protocol="http"/>
</Endpoints>
</Resources>
</ServiceManifest>
应用程序清单如下所示
<ApplicationManifest ApplicationTypeName="BookingApiType"
ApplicationTypeVersion="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Parameters>
<Parameter Name="BookingApiService_InstanceCount" DefaultValue="-1" />
</Parameters>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="BookingApiServicePkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
<Policies>
<ContainerHostPolicies CodePackageRef="Code" ContainersRetentionCount="2" RunInteractive="true">
<HealthConfig IncludeDockerHealthStatusInSystemHealthReport="true" RestartContainerOnUnhealthyDockerHealthStatus="false" />
<PortBinding ContainerPort="80" EndpointRef="BookingApiServiceTypeEndpoint" />
</ContainerHostPolicies>
</Policies>
</ServiceManifestImport>
<DefaultServices>
<Service Name="BookingApiService" ServicePackageActivationMode="ExclusiveProcess">
<StatelessService ServiceTypeName="BookingApiServiceType" InstanceCount="[BookingApiService_InstanceCount]">
<SingletonPartition />
</StatelessService>
</Service>
</DefaultServices>
</ApplicationManifest>
生成的 Url 是 MachineName:PortNumber(http://desktopm423:62651on 我的本地系统)但是在访问它时它显示
403 - Forbidden: Access is denied.
当部署到 ServiceFabric 实例时,我得到 IP 地址,消息是
Service Not found
看起来您的证书服务结构证书有问题,您必须将所有证书添加到计算机本地 Cert/root 和所有当前用户证书中
只要您不配置任何 Andmin 客户端证书,您对资源管理器 (:19080/Explorer) 的所有请求都会以 403 结束。
您可以在门户中添加管理员客户端证书的指纹:
以下是相同的 ARM 设置:-
{
"type": "Microsoft.ServiceFabric/clusters",
...
"properties": {
...
"ClientCertificateThumbprints": [
{
"CertificateThumbprint": "THUMBPRINT_HERE",
"IsAdmin": true
}
],
...
}
}