最近通过Visual Studio 2022部署Azure App Service的时候,突然遇见了部署失败, 401 Unauthorized错误。
错误消息:
Build started... 1>------ Build started: Project: myapi01, Configuration: Release Any CPU ------ 1>myapi01 -> C:\MyCode\44-AppService-ASP.NET\myapi01\bin\Release\net7.0\myapi01.dll 2>------ Publish started: Project: myapi01, Configuration: Release Any CPU ------ myapi01 -> C:\MyCode\44-AppService-ASP.NET\myapi01\bin\Release\net7.0\myapi01.dll myapi01 -> C:\MyCode\44-AppService-ASP.NET\myapi01\obj\Release\net7.0\PubTmp\Out\ C:\Program Files\dotnet\sdk\7.0.304\Sdks\Microsoft.NET.Sdk.Publish\targets\PublishTargets\Microsoft.NET.Sdk.Publish.MSDeploy.targets(140,5):
Error : Web deployment task failed. (Connected to the remote computer ("javatest02.scm.chinacloudsites.cn") using the Web Management Service,
but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists,
and that the credentials represent a user who has permissions to access the site.
Learn more at: https://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.) Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator. Error details: Connected to the remote computer ("javatest02.scm.chinacloudsites.cn") using the Web Management Service, but could not authorize.
Make sure that you are using the correct user name and password, that the site you are connecting to exists,
and that the credentials represent a user who has permissions to access the site.
Learn more at: https://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED. The remote server returned an error: (401) Unauthorized. Publish failed to deploy. 2>Build failed. Check the Output window for more details. ========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ========== ========== Build started at 7:10 PM and took 04.863 seconds ========== ========== Publish: 0 succeeded, 1 failed, 0 skipped ========== ========== Publish started at 7:10 PM and took 04.863 seconds ==========
非常疑惑,因为在VS中使用的认证是从App Service门户上下载的Publish Profile文件,其中包含的登录的用户名和密码。
那为什么它就不能通过App Service的登录认证了呢?
因为发布中使用的Publish Profile文件是从Azure 门户上下载,不存在人为错误导致密码错误无法认证。那么就只能从配置方面着手检查:
注:Basic Authentication被设置为 Off。表示通过站点的用户名和密码登录方式已经不可用。 此点正符合部署时遇见的401 Unauthorized问题。
再次从VS 2022中部署站点,发布成功。
当然,如果不启用 Basic Authentication,有没有其他可以部署的方式呢?
当然可以,使用Azure AD登录认证,也就是我们最常规的使用登录Azure 的账号进行认证。
禁用基本身份验证
一些组织需要满足安全要求,因此宁愿禁用通过 FTP 或 WebDeploy 进行的访问。 这样一来,组织的成员就只能通过 Azure Active Directory (Azure AD) 控制的 API 访问其应用服务。
如使用az cli命令进行部署:
az cloud set --name AzureChinaCloud az login -u <Azure User Account> -p <Password> az account set --subscription "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" az webapp deploy --resource-group <group-name> --name <app-name> --src-path <zip-package-path>
部署App Service: https://docs.azure.cn/zh-cn/app-service/deploy-zip?tabs=cli