上下文
我有几个微服务分布在多个HTTP触发的Function App中,在Linux上的消费计划中运行,直到最近,所有Function App示例都使用设置为Anonymous的AuthenticalLevel。
现在,我已经将AuthenticalLevel切换为Function,并创建了Function App键。当然,所有客户端都使用带有正确键的x-functions-key头。
它的工作 * 大部分时间。
问题
但是,如果我在某个函数应用程序中调用一个函数,而该函数已经有一段时间没有被调用了,我会得到一个HTTP状态码401 - Unauthorized,并且我的函数应用程序中的函数不会被触发。
现在,奇怪的是,如果我重新启动功能应用程序,它又工作了。
调查
我很难找到任何关于发生了什么的线索,因为每次我开始记录,它又工作了。我让我的一个应用程序洞察日志窗口打开了一段时间,我已经能够在一个开始失败的函数应用程序中获得以下跟踪:
[Information] Executing StatusCodeResult, setting HTTP status code 401我不知道这个错误是什么意思,在搜索时,我在Github上找到了下面评论中提到的错误:
如果得到401 Unauthorized,找到文件function.json,如果authLevel设置为function(模板中的默认值),则将其更改为anonymous。我们无法在authlevel为anonymous以外的本地容器中访问http触发器。因为我们还没有函数键,这些键在我们使用容器创建Function应用程序后可用。
我没有使用容器(至少没有明确使用),所以我担心我面临的问题超出了我的专业领域。
问题
为什么返回的401代码知道标头中使用的密钥是正确的?是否可以使用功能密钥保护我在Linux上的消费计划中运行的功能应用程序?
日志
以下是从功能主机收到请求时开始的更多日志:
[Verbose] Request successfully matched the route with name 'v1-get-account' and template 'api/v1/accounts'
[Information] Request [37760fe9-e2cb-4555-b053-09fc7e294d41] HEAD https://<function_app_dedicated_storage>.blob.core.windows.net/azure-webjobs-secrets/<function_app_name>/host.json
x-ms-version:2021-08-06
Accept:application/xml
x-ms-client-request-id:37760fe9-e2cb-4555-b053-09fc7e294d41
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Storage.Blobs/12.13.0,(.NET 6.0.6; Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022)
x-ms-date:Sun, 25 Dec 2022 16:16:36 GMT
Authorization:REDACTED
client assembly: Azure.Storage.Blobs
[Information] Response [37760fe9-e2cb-4555-b053-09fc7e294d41] 200 OK (00.0s)
Accept-Ranges:bytes
ETag:"0x8DACA94982533A3"
Server:Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id:e0db0aa4-801e-00a6-2d7c-18269c000000
x-ms-client-request-id:37760fe9-e2cb-4555-b053-09fc7e294d41
x-ms-version:2021-08-06
x-ms-creation-time:Fri, 12 Aug 2022 23:37:07 GMT
x-ms-lease-status:unlocked
x-ms-lease-state:available
x-ms-blob-type:BlockBlob
x-ms-server-encrypted:true
x-ms-access-tier:Hot
x-ms-access-tier-inferred:true
Date:Sun, 25 Dec 2022 16:16:35 GMT
Content-Length:1109
Content-Type:application/octet-stream
Content-MD5:LuFKWHapYzSmnjxmromAuw==
Last-Modified:Sun, 20 Nov 2022 01:14:38 GMT
[Information] Request [9fe0455e-4e3e-497e-8b1f-a13128d8920c] GET https://<function_app_dedicated_storage>.blob.core.windows.net/azure-webjobs-secrets/<function_app_name>/host.json
x-ms-version:2021-08-06
Accept:application/xml
x-ms-client-request-id:9fe0455e-4e3e-497e-8b1f-a13128d8920c
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Storage.Blobs/12.13.0,(.NET 6.0.6; Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022)
x-ms-date:Sun, 25 Dec 2022 16:16:36 GMT
Authorization:REDACTED
client assembly: Azure.Storage.Blobs
[Information] Response [9fe0455e-4e3e-497e-8b1f-a13128d8920c] 200 OK (00.0s)
Accept-Ranges:bytes
ETag:"0x8DACA94982533A3"
Server:Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id:e0db0aa9-801e-00a6-317c-18269c000000
x-ms-client-request-id:9fe0455e-4e3e-497e-8b1f-a13128d8920c
x-ms-version:2021-08-06
x-ms-creation-time:Fri, 12 Aug 2022 23:37:07 GMT
x-ms-lease-status:unlocked
x-ms-lease-state:available
x-ms-blob-type:BlockBlob
x-ms-server-encrypted:true
Date:Sun, 25 Dec 2022 16:16:35 GMT
Content-Length:1109
Content-Type:application/octet-stream
Content-MD5:LuFKWHapYzSmnjxmromAuw==
Last-Modified:Sun, 20 Nov 2022 01:14:38 GMT
[Information] Request [532132a5-3186-4397-b913-08a0d8a8bb55] HEAD https://<function_app_dedicated_storage>.blob.core.windows.net/azure-webjobs-secrets/<function_app_name>/v1-get-account.json
x-ms-version:2021-08-06
Accept:application/xml
x-ms-client-request-id:532132a5-3186-4397-b913-08a0d8a8bb55
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Storage.Blobs/12.13.0,(.NET 6.0.6; Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022)
x-ms-date:Sun, 25 Dec 2022 16:16:36 GMT
Authorization:REDACTED
client assembly: Azure.Storage.Blobs
[Information] Response [532132a5-3186-4397-b913-08a0d8a8bb55] 200 OK (00.0s)
Accept-Ranges:bytes
ETag:"0x8DA7CBB927ADEE5"
Server:Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id:e0db0aac-801e-00a6-347c-18269c000000
x-ms-client-request-id:532132a5-3186-4397-b913-08a0d8a8bb55
x-ms-version:2021-08-06
x-ms-creation-time:Fri, 12 Aug 2022 23:37:08 GMT
x-ms-lease-status:unlocked
x-ms-lease-state:available
x-ms-blob-type:BlockBlob
x-ms-server-encrypted:true
x-ms-access-tier:Hot
x-ms-access-tier-inferred:true
Date:Sun, 25 Dec 2022 16:16:35 GMT
Content-Length:519
Content-Type:application/octet-stream
Last-Modified:Fri, 12 Aug 2022 23:37:08 GMT
[Information] Request [208dd98f-c802-4ea2-85eb-525716290cc4] GET https://<function_app_dedicated_storage>.blob.core.windows.net/azure-webjobs-secrets/<function_app_name>/v1-get-account.json
x-ms-version:2021-08-06
Accept:application/xml
x-ms-client-request-id:208dd98f-c802-4ea2-85eb-525716290cc4
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Storage.Blobs/12.13.0,(.NET 6.0.6; Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022)
x-ms-date:Sun, 25 Dec 2022 16:16:36 GMT
Authorization:REDACTED
client assembly: Azure.Storage.Blobs
[Information] Response [208dd98f-c802-4ea2-85eb-525716290cc4] 200 OK (00.0s)
Accept-Ranges:bytes
ETag:"0x8DA7CBB927ADEE5"
Server:Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id:e0db0ab0-801e-00a6-377c-18269c000000
x-ms-client-request-id:208dd98f-c802-4ea2-85eb-525716290cc4
x-ms-version:2021-08-06
x-ms-creation-time:Fri, 12 Aug 2022 23:37:08 GMT
x-ms-lease-status:unlocked
x-ms-lease-state:available
x-ms-blob-type:BlockBlob
x-ms-server-encrypted:true
Date:Sun, 25 Dec 2022 16:16:35 GMT
Content-Length:519
Content-Type:application/octet-stream
Last-Modified:Fri, 12 Aug 2022 23:37:08 GMT
[Information] Executing StatusCodeResult, setting HTTP status code 401
1条答案
按热度按时间4jb9z9bj1#
我没能让它工作。
我切换到
keyvault作为存储Function App密钥的方法,问题消失了。Function App的设置如下所示: