Azure Service Bus Operations使用ACS引发TimeoutException而不是UnauthorizedAccessException

Question

我正在使用访问控制服务来授权访问特定服务标识的特定服务总线订阅.

当从订阅接收会话或消息时,服务标识被授权并且可以根据需要接收和完成或放弃消息.

但是,我没有看到UnauthorizedAccessException尝试访问服务标识无权访问的订阅时,也没有在尝试执行规则组未针对该服务标识和依赖项发出声明的操作时看到此异常派对(如发送消息或创建主题).

相反,我最终看到了一个TimeoutException - "The timeout elapsed upon attempting to obtain a token while accessing 'https://namespace-sb.accesscontrol.windows.net/WRAPv0.9/'".内部例外是一个SecurityTokenException - "The token provider was unable to provide a security token while accessing 'https://namespace-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider returned message: 'The operation has timed out'".这会导致RetryPolicy出​​现问题,因为Timeout Exception被认为是瞬态的.

但奇怪的是,我UnauthorizedAccessException在尝试接收订阅描述时收到了.根据服务总线操作所需的权利,应该可以在... myTopic/Subscriptions/mySubscription范围内使用Listen Claim提供服务标识.

我有以下设置:

• 服务身份:证明
• 规则组:
  • 服务总线的默认规则组
    • 3条规则,输入声明:所有者,输出声明:管理,发送,收听
  • http://namespace.servicebus.windows.net/myTopic的规则组
    • 没有规则
  • http://namespace.servicebus.windows.net/myTopic/Subscriptions的规则组
    • 没有规则
  • 规则组为http://namespace.servicebus.windows.net/myTopic/Subscriptions/mySubscription
    • 一条规则:输入声明:testidentity,输出声明:倾听
• 依赖方申请:
  • 领域:http://namespace.servicebus.windows.net/myTopic/Subscriptions/mySubscription
  • 令牌格式:SWT
  • 令牌生命周期:10800
  • 身份提供者:无(ACS)
  • 与上面列出的所有规则组相关联

我看到以下问题:

var manager = NamespaceManager.CreateFromConnectionString("Endpoint=sb://namespace.servicebus.windows.net/;SharedSecretIssuer=testidentity;SharedSecretValue=SSdtIE5vdCBUZWxsaW5n=");
var description = manager.GetSubscription("myTopic","mySubscription");

结果在UnauthoriszedAccessException - "The remote server returned an error: (401) Unauthorized."我会希望能够检索的描述,而不是收到这个异常.有趣的是,这是身份可以访问的唯一域,并且是我唯一一次看到UnauthorizedAccessException.

var subscriptions = manager.GetSubscriptions("myTopic");

结果为a TimeoutException,内部异常类型SecurityTokenException.我希望在UnauthorizedAccessException这里.

var client = SubscriptionClient.CreateFromConnectionString("Endpoint=sb://namespace.servicebus.windows.net/;SharedSecretIssuer=testidentity;SharedSecretValue=SSdtIE5vdCBUZWxsaW5n=", "myTopic", "otherSubscription");
var message = client.Receive()

消息的结果null,但我希望再次UnauthorizedAccessException.检查输出,我看到输出窗口中发生异常但被客户端吞没:

A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.Net.WebException' occurred in System.dll
A first chance exception of type 'Microsoft.ServiceBus.TokenProviderHelper.InternalSecurityTokenException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll
A first chance exception of type 'System.TimeoutException' occurred in Microsoft.ServiceBus.dll

同样,尝试创建主题,发送消息等也会导致a TimeoutException.

这是尝试访问服务标识没有任何访问权限的域时的正确行为,而不是我期望接收到的UnauthorizedAccessException？

我猜设立不具有所期望的结果 - 身份可以不听比认购境界针对其身份有关联的监听规则确定的一个(或多个)其他订阅,但我担心的是,错误反馈不明确,并将导致连续重试.

任何建议都将非常感激.

Answer 1

8 月 22 日之后通过 Azure 门户创建的新 SB 命名空间不再生成伴随的 ACS 命名空间。因此，您收到的超时完全有可能是正确的行为。

若要生成 ACS 命名空间，请尝试使用 new-azuresbnamespace PowerShell cmdlet 创建 SB 命名空间。