我已经成功部署了DICOM Cast。并执行了Sync Medical Imaging Server for DICOM metadata into FHIR Server for Azure的所有步骤。但无法在FHIR服务中获得相应的FHIR资源。
我对this doc.的某些步骤感到困惑
1.在为您的FHIR和DICOM应用程序服务设置身份验证时，我无法在DICOM服务中设置Audience、Authority和Security：Enabled，也无法在FHIR服务中设置Security：Enabled。

2.在更新DICOM Cast的Key Vault时，您在一个文档中提到“搜索您的服务原则”，在选择原则下，我应该选择哪个原则？用户原则还是企业应用原则？如果是企业应用原则，我应该选择哪个应用？

目前，我还没有对DICOM服务进行认证，在服务原则中，我选择了用户原则。
下面是详细的容器日志：

info: Azure.Identity[1]
      DefaultAzureCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[1]
      EnvironmentCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[3]
      EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
info: Azure.Identity[1]
      WorkloadIdentityCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[3]
      WorkloadIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  Exception: Azure.Identity.CredentialUnavailableException (0x80131500): WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot
info: Azure.Identity[1]
      ManagedIdentityCredential.GetToken invoked. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId: 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] MSAL MSAL.NetCore with assembly version '4.54.1.0'. CorrelationId(0c85f10d-5c3c-4f91-a149-c05e7048dae4)
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] === AcquireTokenForClientParameters ===
      SendX5C: False
      ForceRefresh: False
      
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] 
      === Request Data ===
      Authority Provided? - True
      Scopes - https://dicom.healthcareapis.azure.com
      Extra Query Params Keys (space separated) - 
      ApiId - AcquireTokenForClient
      IsConfidentialClient - True
      SendX5C - False
      LoginHint ? False
      IsBrokerConfigured - False
      HomeAccountId - False
      CorrelationId - 0c85f10d-5c3c-4f91-a149-c05e7048dae4
      UserAssertion set: False
      LongRunningOboCacheKey set: False
      Region configured: 
      
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] === Token Acquisition (ClientCredentialRequest) started:
         Scopes: https://dicom.healthcareapis.azure.com
        Authority Host: login.microsoftonline.com
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [Region discovery] Not using a regional authority. 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:31Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [Instance Discovery] Skipping Instance discovery because it is disabled. 
info: Azure.Core[1]
      Request [467f2d30-036f-41e2-ab12-9619b63ec6c7] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
      Metadata:REDACTED
      x-ms-client-request-id:467f2d30-036f-41e2-ab12-9619b63ec6c7
      x-ms-return-client-request-id:true
      User-Agent:azsdk-net-Identity/1.10.0 (.NET 7.0.10; Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022)
      client assembly: Azure.Identity
info: Azure.Core[5]
      Response [467f2d30-036f-41e2-ab12-9619b63ec6c7] 200 OK (00.0s)
      Date:Thu, 14 Sep 2023 13:58:32 GMT
      Content-Type:application/json
      Content-Length:1438
      
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Checking client info returned from the server..
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Saving token response to cache..
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [SaveTokenResponseAsync] ID Token not present in response. 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Cannot determine home account id - or id token or no client info and no subject 
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Looking for scopes for the authority in the cache which intersect with https://dicom.healthcareapis.azure.com
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Intersecting scope entries count - 0
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] 
        === Token Acquisition finished successfully:
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4]  AT expiration time: 09/15/2023 12:56:16 +00:00, scopes: https://dicom.healthcareapis.azure.com. source: IdentityProvider
info: Azure.Identity[8]
      False MSAL 4.54.1.0 MSAL.NetCore .NET 7.0.10 Linux 5.10.102.2-microsoft-standard #1 SMP Mon Mar 7 17:36:34 UTC 2022 [2023-09-14 13:58:32Z - 0c85f10d-5c3c-4f91-a149-c05e7048dae4] Fetched access token from host login.microsoftonline.com. 
info: Azure.Identity[2]
      ManagedIdentityCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
info: Azure.Identity[13]
      DefaultAzureCredential credential selected: Azure.Identity.ManagedIdentityCredential
info: Azure.Identity[2]
      DefaultAzureCredential.GetToken succeeded. Scopes: [ https://dicom.healthcareapis.azure.com ] ParentRequestId:  ExpiresOn: 2023-09-15T12:56:16.0260624+00:00
crit: Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker[0]
      Unhandled exception.
      Microsoft.Health.Dicom.Client.DicomWebException: Forbidden: Authorization failed.
         at Microsoft.Health.Dicom.Client.DicomWebClient.EnsureSuccessStatusCodeAsync(HttpResponseMessage response, Func`5 additionalFailureInspector) in /_/src/Microsoft.Health.Dicom.Client/DicomWebClient.cs:line 219
         at Microsoft.Health.Dicom.Client.DicomWebClient.GetChangeFeedLatest(String queryString, CancellationToken cancellationToken) in /_/src/Microsoft.Health.Dicom.Client/DicomWebClient.ChangeFeed.cs:line 41
         at Microsoft.Health.DicomCast.Core.Features.DicomWeb.Service.ChangeFeedRetrieveService.RetrieveLatestSequenceAsync(CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/DicomWeb/Service/ChangeFeedRetrieveService.cs:line 41
         at Microsoft.Health.DicomCast.Core.Features.Worker.ChangeFeedProcessor.ProcessAsync(TimeSpan pollIntervalDuringCatchup, CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/Worker/ChangeFeedProcessor.cs:line 70
         at Microsoft.Health.DicomCast.Core.Features.Worker.DicomCastWorker.ExecuteAsync(CancellationToken cancellationToken) in /_/converter/dicom-cast/src/Microsoft.Health.DicomCast.Core/Features/Worker/DicomCastWorker.cs:line 95
info: Microsoft.Hosting.Lifetime[0]
      Application is shutting down...

字符串
以下是 Postman 截图：

的

2条答案

按热度按时间

h43kikqp1#

错误403 Forbidden通常发生在您未将FHIR Data Contributor等所需角色添加到ACI托管身份时。
当我尝试在不添加角色的情况下通过Postman获取患者数据时，我也得到了相同的错误，403 Forbidden状态如下：

GET https://demofhir20.azurehealthcareapis.com/Patient

字符串

回复：

的数据
在您的情况下，确保在使用托管身份验证生成访问令牌时将FHIR Data Contributor和DICOM Data Owner角色添加到ACI托管身份：

的
分配角色后，重新生成访问令牌，调用/patient API，成功获得响应，如下所示：

型

参考：dicom-server/docs/quickstarts/deploy-dicom-cast.md at main · microsoft/dicom-server (github.com)

赞(0）回复(0）举报 12个月前

xqkwcwgp2#

无需遵循以下FHIR和DICOM应用程序服务的身份验证步骤。
然后，您将能够在FHIR服务中获取相应的FHIR资源（患者数据）。

azure 无法在FHIR服务中获取相应的FHIR资源(患者数据)

2条答案

相关问题

热门标签

最新问答