我最近遇到了 DPS 注册请求问题,出现错误“ {"Message":"{"errorCode":401002,"message":"指定的 SAS 令牌具有无效签名。它与主令牌或主令牌都不匹配中学密钥。","trackingId":"E377D48366F943E189A5FEA744D89D95-G2:-时间戳:2025-01-03T14:15:03.453324 531Z","timestampUtc":"2025-01-03T14:15:03.453324531Z","info":null}","ExceptionMessage":""}"。
我在不同的环境中有两个不同的 IoT 中心,并且我的设备正在使用组注册对称密钥运行 IoT Edge,但 Azure Identidy 守护程序似乎只能在其中一个 DPS 环境中注册。对于另一个,我有这个错误。我已经尝试过重新生成密钥。它已经工作了好几个月了,但突然在那种环境下就不再工作了。我不记得在设置中更改过任何内容。
感谢您的帮助
该错误表示用于通过 Azure 设备预配服务 (DPS) 进行身份验证的 SAS 令牌签名无效或已过期。
以下是生成 SAS 令牌的代码:
public static async Task Main(string[] args)
{
Parameters parameters = null;
ParserResult<Parameters> parserResult = Parser.Default.ParseArguments<Parameters>(args)
.WithParsed(parsedParams => parameters = parsedParams)
.WithNotParsed(errors => Environment.Exit(1));
Console.WriteLine("Creating SAS credential...");
try
{
TimeSpan tokenValidity = TimeSpan.FromHours(1);
DateTime expiresOn = DateTime.UtcNow.Add(tokenValidity);
// Generate SAS token
string sasToken = GenerateSasToken(
parameters.HostName,
parameters.SharedAccessKey,
parameters.SharedAccessKeyName,
expiresOn
);
AzureSasCredential sasCredential = new AzureSasCredential(sasToken);
ProvisioningServiceClient provisioningServiceClient =
ProvisioningServiceClient.Create(parameters.HostName, sasCredential);
Console.WriteLine("SAS credential successfully created.");
var sample = new ProvisioningRoleBasedAuthenticationSample(provisioningServiceClient);
await sample.RunSampleAsync();
}
catch (Exception ex)
{
Console.WriteLine($"An error occurred: {ex.Message}");
}
}
private static string GenerateSasToken(string resourceUri, string sharedAccessKey, string policyName, DateTime expiresOn)
{
DateTime epochTime = new DateTime(1970, 1, 1);
TimeSpan secondsFromEpochTime = expiresOn.Subtract(epochTime);
long seconds = Convert.ToInt64(secondsFromEpochTime.TotalSeconds, CultureInfo.InvariantCulture);
string expiry = seconds.ToString(CultureInfo.InvariantCulture);
string stringToSign = $"{WebUtility.UrlEncode(resourceUri)}\n{expiry}";
using (HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(sharedAccessKey)))
{
string signature = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign)));
string token = $"SharedAccessSignature sr={WebUtility.UrlEncode(resourceUri)}&sig={WebUtility.UrlEncode(signature)}&se={expiry}";
Console.WriteLine("sas token"+token);
if (!string.IsNullOrWhiteSpace(policyName))
{
token += $"&skn={policyName}";
}
return token;
}
}
}
请参阅此链接,了解有关使用 Azure IoT 中心设备预配服务进行对称密钥证明的信息。
下面是新建一个注册组:
public async Task CreateEnrollmentGroupAsync()
{
Console.WriteLine("Creating a new enrollment group...");
Attestation attestation = new SymmetricKeyAttestation(null, null); // let the service generate keys
var group = new EnrollmentGroup(s_enrollmentGroupId, attestation);
group = await _provisioningServiceClient.CreateOrUpdateEnrollmentGroupAsync(group);
Console.WriteLine($"Created {group.EnrollmentGroupId}: {JsonConvert.SerializeObject(group)}");
}
请参阅此 link 以获取
的完整代码。请参阅此 so 以了解带 dps 的物联网边缘EnrollmentGroup
输出: