问题
I am working on a dll that is used by web form application. One of dll's features is creating Google CalendarService and using it. When I run the webforms on my local host everything is running smoothly. However, if I run it from Azure websites
'GoogleWebAuthorizationBroker.AuthorizeAsync' method throws HttpListenerException (0x5): Access is denied
Here is a stack trace:
[HttpListenerException (0x5): Access is denied]
Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +82
Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task) +71
Mosoft.Integrations.CalendarService.<GetCredentials>d__2.MoveNext() +362
[AggregateException: One or more errors occurred.]
System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) +3833113
System.Threading.Tasks.Task`1.GetResultCore(Boolean aitCompletionNotification) +73
System.Threading.Tasks.Task`1.get_Result() +10900681
Mosoft.Integrations.CalendarService.GoogleCalendar..ctor(Int32 userID) +38
WebFormsDemo.ModalCreate.CreateServices() +35
WebFormsDemo.ModalCreate.Page_Load(Object sender, EventArgs e) +240 System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
System.Web.UI.Control.OnLoad(EventArgs e) +92
System.Web.UI.Control.LoadRecursive() +54
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772
And this is how I set up the credentials
private static async Task<BaseClientService.Initializer> GetCredentials(int userID)
{
ClientSecrets secrets = new ClientSecrets
{
ClientId = CLIENT_ID,
ClientSecret = CLIENT_SECRET
};
UserCredential googleCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(secrets,
new[] { Google.Apis.Calendar.v3.CalendarService.Scope.Calendar }, userID.ToString(), CancellationToken.None, new MyDataStore());
var initializer = new BaseClientService.Initializer
{
HttpClientInitializer = googleCredential,
ApplicationName = "MyCalendar"
};
return initializer;
}
Any suggestions what could be wrong? Or pointing towards right direction?
回答1:
Both are using Service Accounts, so i hope it will help you.
Possability #1:
When you generate the P12 certificate, did you try changing
var certificate = new X509Certificate2(p12Path, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
//(notice the X509KeyStorageFlags.MachineKeySet |)
Possability #2, authentication using service accounts
string keyFilePath = System.Web.Hosting.HostingEnvironment.MapPath("~/----path to json credentials downloaded using google developer console ---.json");
string p12Path = System.Web.Hosting.HostingEnvironment.MapPath("~/---path to p12 certificate ----.p12");
string[] scopes = new string[] {
CalendarService.Scope.Calendar, // Manage your calendars
CalendarService.Scope.CalendarReadonly // View your Calendars
};
var certificate = new X509Certificate2(p12Path, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer("--email generated by google developer console ending with ----@developer.gserviceaccount.com")
{
Scopes = scopes
}.FromCertificate(certificate));
CalendarService service = new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "----the project name used from developer console---",
});
回答2:
To use Google APIs you usually have to white-list the domain the API request will be coming from. Did you forget to white-list your azure website's domain?
回答3:
UserCredential googleCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(secrets,
new[] { Google.Apis.Calendar.v3.CalendarService.Scope.Calendar }, userID.ToString(), CancellationToken.None, new MyDataStore());
This doesn't seem to be the right way to authenticate using a web app. This answer is how I stopped the "Access is denied" error.
来源:https://stackoverflow.com/questions/29849751/azure-websites-denies-access-to-google-api