Azure WebSites拒绝访问Google

Question

我正在开发一个由web表单应用程序使用的dll。dll的一个功能是创建并使用Google CalendarService。当我在本地主机上运行webforms时，一切都很顺利。但是，如果我从Azure网站运行它

'GoogleWebAuthorizationBroker.AuthorizeAsync‘方法引发HttpListenerException (0x5)：访问被拒绝

下面是堆栈跟踪：

[HttpListenerException (0x5): Access is denied]
Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +82   
Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task) +71   
Mosoft.Integrations.CalendarService.<GetCredentials>d__2.MoveNext() +362

[AggregateException: One or more errors occurred.]
System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) +3833113
System.Threading.Tasks.Task`1.GetResultCore(Boolean aitCompletionNotification) +73
System.Threading.Tasks.Task`1.get_Result() +10900681
Mosoft.Integrations.CalendarService.GoogleCalendar..ctor(Int32 userID) +38
WebFormsDemo.ModalCreate.CreateServices() +35
WebFormsDemo.ModalCreate.Page_Load(Object sender, EventArgs e) +240 System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
System.Web.UI.Control.OnLoad(EventArgs e) +92
System.Web.UI.Control.LoadRecursive() +54
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772

我就是这样建立证书的

private static async Task<BaseClientService.Initializer> GetCredentials(int userID)
    {
        ClientSecrets secrets = new ClientSecrets
        {
            ClientId = CLIENT_ID,
            ClientSecret = CLIENT_SECRET
        };

         UserCredential googleCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(secrets,
            new[] { Google.Apis.Calendar.v3.CalendarService.Scope.Calendar }, userID.ToString(), CancellationToken.None, new MyDataStore());

         var initializer = new BaseClientService.Initializer
         {
             HttpClientInitializer = googleCredential,
             ApplicationName = "MyCalendar"
         };
         return initializer;
    }

有什么建议吗？还是指向正确的方向？

Answer 1

两者都在使用服务帐户，所以我希望它能对你有所帮助。

可能性#1：

生成P12证书时，是否尝试更改

var certificate = new X509Certificate2(p12Path, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

//(notice the X509KeyStorageFlags.MachineKeySet |)

可能#2，使用服务帐户进行身份验证

string keyFilePath = System.Web.Hosting.HostingEnvironment.MapPath("~/----path to json credentials downloaded using google developer console ---.json");
string p12Path = System.Web.Hosting.HostingEnvironment.MapPath("~/---path to p12 certificate ----.p12");
string[] scopes = new string[] {
    CalendarService.Scope.Calendar, // Manage your calendars
    CalendarService.Scope.CalendarReadonly // View your Calendars
};

       var certificate = new X509Certificate2(p12Path, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

ServiceAccountCredential credential = new ServiceAccountCredential(
    new ServiceAccountCredential.Initializer("--email generated by google developer console ending with ----@developer.gserviceaccount.com")
    {
        Scopes = scopes
    }.FromCertificate(certificate));

    CalendarService service = new CalendarService(new BaseClientService.Initializer()
    {
        HttpClientInitializer = credential,
        ApplicationName = "----the project name used from developer console---",
    });

Answer 2

要使用Google，您通常必须白色列出API请求将来自的域。你忘了把你的蓝色网站的域名白名单了吗？

Answer 3

 UserCredential googleCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(secrets,
            new[] { Google.Apis.Calendar.v3.CalendarService.Scope.Calendar }, userID.ToString(), CancellationToken.None, new MyDataStore());

这似乎不是使用web应用程序进行身份验证的正确方式。This answer是如何停止“访问被拒绝”错误的。