连接到代理后面的 Azure Batch - 操作返回了无效的状态代码“禁止”

Posted 2023-02-16

【中文标题】连接到代理后面的 Azure Batch - 操作返回了无效的状态代码“禁止”

【英文标题】：Connecting to Azure Batch behind proxy - Operation returned an invalid status code 'Forbidden'

【发布时间】：2018-01-26 13:36:04

【问题描述】：

我已经设置了一个 Azure Batch 帐户并尝试使用此处的 C# HelloWorld 示例，

https://github.com/Azure/azure-batch-samples

在 AccountSettings.settings 中填写批处理和存储帐户详细信息后，如果我在公司网络之外（位于代理服务器后面），这将正常工作。但是，当我从代理服务器后面使用完全相同的代码时，

BatchException: Operation returned an invalid status code 'Forbidden'

并在控制台输出以下内容，

C:\Source\Scratch\Azure-batch-samples\CSharp\GettingStarted\01_HelloWorld\bin\Debug>HelloWorld.exe
Running with the following settings:
-------------------------------------
PoolId = HelloWorld-Pool
PoolTargetNodeCount = 2
PoolOSFamily = 4
PoolNodeVirtualMachineSize = small
ShouldDeleteJob = True

BatchAccountName = <censored>
BatchAccountKey = <censored>
BatchServiceUrl = <censored>
StorageAccountName = <censored>
StorageAccountKey = <censored>
StorageServiceUrl = <censored>

Deleting job: HelloWorldJob-809362-20180126-143309
Microsoft.Azure.Batch.Common.BatchException: Operation returned an invalid status code 'Forbidden' ---> Microsoft.Azure.
Batch.Protocol.Models.BatchErrorException: Operation returned an invalid status code 'Forbidden'
   at Microsoft.Azure.Batch.Protocol.JobOperations.<DeleteWithHttpMessagesAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---

<..snip..>

Request Information
ClientRequestId:
RequestId:d8b9fcc6-b32d-437c-a8af-7d44d6df486d
HttpStatusCode:Forbidden
StatusMessage:Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly
 including the signature.


Error Code = AuthenticationFailed, Lang=en-US, Message = Server failed to authenticate the request. Make sure the value
of Authorization header is formed correctly including the signature.
RequestId:d8b9fcc6-b32d-437c-a8af-7d44d6df486d
Time:2018-01-26T13:33:13.9958126Z
Additional Values:
Error Details key=AuthenticationErrorDetail value=The MAC signature found in the HTTP request 'k4mfqD3FP6FL2nWLgR3E6AxRp
JJAse9vRW1qVOnn1K0=' is not the same as any computed signature. Server used following string to sign: 'DELETE

有人知道这里发生了什么吗？

【参考方案1】：

似乎有一个 very similar issue 仅影响 .NET Core，但它已在 7.0.1 中修复，我假设您使用的是 8.0.1？

我要做的第一件事是验证（使用 Fiddler 或 Wireshark）流量确实通过您认为的代理。

如果没有，可能值得尝试采用BatchServiceClient 的BatchClient ctor（通过传入HttpClientHandler 并根据需要设置Proxy 属性来创建BatchServiceClient 的实例）。

如果做不到这一点 - 您真的需要从公司代理后面访问批处理服务吗？我的猜测是，无论您想要对批处理服务实际执行什么操作，都将封装在一个 API 或 Web 应用程序中，该应用程序本身将部署到 Azure - 因此不需要 HTTP 代理！