How to enable app-service-authentication and logging into a blob via ARM-Template?

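Hi everyone, I have a question: I want to activate App Service authentication for anonymous requests and, via a resource template, log everything that could happen on the website to a blob in a storage account. What should I add to the template JSON file to do that?

Thanks for your help

Edit:

I found out something. With this snippet it works, but the settings are not correct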

    "properties": {
      "name": "<#= website.Name #>",
      "siteConfig": {
        "alwaysOn": true,
        "siteAuthEnabled": true,
        "siteAuthSettings": null,
        "httpLoggingEnabled": true,
        "logsDirectorySizeLimit": 35,
        "detailedErrorLoggingEnabled": true
      },

Now it looks like this:

But this is how it should look:

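Log all the things

You can enable diagnostic logging (https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log) for your App Service and follow this guide to add it to your App Service website: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template

For a general-purpose logging solution that helps you track (almost) everything that happens in your App Service website, you can use Application Insights (AI). You can add Application Insights to your ARM template by following this article: https://docs.microsoft.com/en-us/azure/application-insights/app-insights-powershell#create-an-azure-resource-manager-template. This will help you set up AI for your web app and define any specific traces and telemetry you want to log.

Basically, this is what you need to add to your ARM template to add AI to your App Service: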

  "resources": [
    {
      "apiVersion": "2014-08-01",
      "location": "[parameters('appLocation')]",
      "name": "[parameters('appName')]",
      "type": "microsoft.insights/components",
      "properties": {
        "Application_Type": "[parameters('applicationType')]",
        "ApplicationId": "[parameters('appName')]",
        "Name": "[parameters('appName')]",
        "Flow_Type": "Redfield",
        "Request_Source": "IbizaAIExtension"
      }
    },
    {
      "name": "[variables('billingplan')]",
      "type": "microsoft.insights/components/CurrentBillingFeatures",
      "location": "[parameters('appLocation')]",
      "apiVersion": "2015-05-01",
      "dependsOn": [
        "[resourceId('microsoft.insights/components', parameters('appName'))]"
      ],
      "properties": {
        "CurrentBillingFeatures": "[variables('pricePlan')]",
        "DataVolumeCap": {
          "Cap": "[parameters('dailyQuota')]",
          "WarningThreshold": "[parameters('warningThreshold')]",
          "ResetTime": "[parameters('dailyQuotaResetTime')]"
        }
      }
    }
    // web test, alert, and any other resources go here
  ]

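Of course, you need to provide values for all the parameters and variables, depending on the price plan and quota you want to set.

Then you can set up Continuous Export (https://docs.microsoft.com/en-us/azure/application-insights/app-insights-export-telemetry) from AI to export all logged telemetry to a separate Azure Storage blob for long-term retention of your logged data. Unfortunately you cannot set up Continuous Export from the ARM template, but it will likely be available soon: https://visualstudio.uservoice.com/forums/357324-application-insights/suggestions/13718607-enable-programatic-configuration-of-continuous-exp

Authenticate all the things

To set up authentication in your App Service, you can specify authentication options in the properties of your WebSite resource. I recommend that you first configure the desired authentication model using the portal or PowerShell and then extract the template from the resulting deployment (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template), because the actual properties and values to set are not well documented.

Creating an ARM template from the portal

You can make all the changes to your website and set up diagnostics directly in the portal, and then extract a template that reflects what is currently deployed in that resource group.

Just go to your resource group and select Automation script; this will extract the template definition. It may not be the prettiest template or the best structured, but it will contain your deployment (unless it shows a warning for some of the resources).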

WebApp logging and authentication can be enabled via the following resources in the template

    {
      "apiVersion": "2015-08-01",
      "name": "logs",
      "type": "config",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
      "properties": {
        "applicationLogs": {
          "fileSystem": {
            "level": "off"
          },
          "azureTableStorage": {
            "level": "off",
            "sasUrl": null
          },
          "azureBlobStorage": {
            "level": "off",
            "sasUrl": null,
            "retentionInDays": null
          }
        },
        "httpLogs": {
          "fileSystem": {
            "retentionInMb": 35,
            "retentionInDays": null,
            "enabled": true
          },
          "azureBlobStorage": {
            "sasUrl": null,
            "retentionInDays": null,
            "enabled": false
          }
        },
        "failedRequestsTracing": {
          "enabled": true
        },
        "detailedErrorMessages": {
          "enabled": true
        }
      }
    },
    {
      "apiVersion": "2015-08-01",
      "name": "authsettings",
      "type": "config",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
      "properties": {
        "enabled": false,
        "isAadAutoProvisioned": false
      }
    }

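If you are not sure which values should be in the template, do the following:

  1. Configure the web app via the portal
  2. Enable the necessary settings
  3. Go to https://resources.azure.com/ and check how the template is configured for your web app
  4. Make the changes in your template JSON file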

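Based on your scenario, I have deployed my ARM template to enable application logging and web server logging against Blob storage, enable App Service authentication, and allow anonymous requests to my web app. Here are some detailed steps you can refer to.

1. Create an Azure Resource Group project and add the Web Application template;

2. Add the "MONITORING > Diagnostic logs" configuration as follows:

3. Add the "SETTINGS > Authentication/Authorization" configuration as follows:

4. Deploy the web app and check it in the Azure portal:

Here is my website.json, you can refer to it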

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "hostingPlanName": {
      "type": "string",
      "minLength": 1
    },
    "skuName": {
      "type": "string",
      "defaultValue": "F1",
      "allowedValues": [
        "F1",
        "D1",
        "B1",
        "B2",
        "B3",
        "S1",
        "S2",
        "S3",
        "P1",
        "P2",
        "P3",
        "P4"
      ],
      "metadata": {
        "description": "Describes plan's pricing tier and capacity. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
      }
    },
    "skuCapacity": {
      "type": "int",
      "defaultValue": 1,
      "minValue": 1,
      "metadata": {
        "description": "Describes plan's instance count"
      }
    }
  },
  "variables": {
    "webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]"
  },
  "resources": [
    {
      "apiVersion": "2015-08-01",
      "name": "[parameters('hostingPlanName')]",
      "type": "Microsoft.Web/serverfarms",
      "location": "[resourceGroup().location]",
      "tags": {
        "displayName": "HostingPlan"
      },
      "sku": {
        "name": "[parameters('skuName')]",
        "capacity": "[parameters('skuCapacity')]"
      },
      "properties": {
        "name": "[parameters('hostingPlanName')]"
      }
    },
    {
      "apiVersion": "2015-08-01",
      "name": "[variables('webSiteName')]",
      "type": "Microsoft.Web/sites",
      "location": "[resourceGroup().location]",
      "tags": {
        "[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
        "displayName": "Website"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
      ],
      "properties": {
        "name": "[variables('webSiteName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
      },
      "resources": [
        {
          "name": "logs",
          "type": "config",
          "apiVersion": "2015-08-01",
          "dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
          "tags": {
            "displayName": "websiteLogs"
          },
          "properties": {
            "applicationLogs": {
              "fileSystem": {
                "level": "Off"
              },
              "azureTableStorage": {
                "level": "Off",
                "sasUrl": null
              },
              "azureBlobStorage": {
                "level": "Error",
                "sasUrl": "https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
                "retentionInDays": null
              }
            },
            "httpLogs": {
              "fileSystem": {
                "retentionInMb": 35,
                "retentionInDays": null,
                "enabled": false
              },
              "azureBlobStorage": {
                "sasUrl":"https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
                "retentionInDays": null,
                "enabled": true
              }
            },
            "failedRequestsTracing": {
              "enabled": true
            },
            "detailedErrorMessages": {
              "enabled": true
            }
          }
        },
        {
          "name": "authsettings",
          "type": "config",
          "apiVersion": "2015-08-01",
          "dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
          "tags": {
            "displayName": "websiteAuthSettings"
          },
          "properties": {
            "enabled": true,
            "httpApiPrefixPath": null,
            "unauthenticatedClientAction": 1,
            "tokenStoreEnabled": true,
            "allowedExternalRedirectUrls": null,
            "defaultProvider": 0,
            "clientId": null,
            "clientSecret": null,
            "issuer": null,
            "allowedAudiences": null,
            "additionalLoginParams": null,
            "isAadAutoProvisioned": false,
            "googleClientId": null,
            "googleClientSecret": null,
            "googleOAuthScopes": null,
            "facebookAppId": null,
            "facebookAppSecret": null,
            "facebookOAuthScopes": [
              ""
            ],
            "twitterConsumerKey": null,
            "twitterConsumerSecret": null,
            "microsoftAccountClientId": null,
            "microsoftAccountClientSecret": null,
            "microsoftAccountOAuthScopes": [
              ""
            ]
          }
        }
      ]
    }
  ]
}

In addition, you can retrieve the configuration from resources.azure.com. To give you a better understanding of the ARM template, here is the screenshot:
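
An added example, not part of the original answers: a Python check that walks an ARM template's `logs` and `authsettings` config resources, as used in the templates above, and reports blob logging that is off, a SAS URL stored as a literal in the template, disabled authentication, and anonymous pass-through. The helper `make_template` and the parameter name `logSasUrl` are assumptions for illustration; the sample templates are constructed from the website.json above and reduced to the audited fields.

```python
def iter_resources(resources):
    """Yield every resource, descending into nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def is_literal(value):
    """True for a plain string, False for an ARM expression like "[parameters('x')]"."""
    return isinstance(value, str) and not (value.startswith("[") and value.endswith("]"))

def audit_template(template):
    """Return (config name, finding) tuples for the logs and authsettings resources."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if not str(res.get("type", "")).lower().endswith("config"):
            continue
        name = str(res.get("name", "")).split("/")[-1]  # "logs" or "site/logs"
        props = res.get("properties") or {}
        if name == "logs":
            for section in ("applicationLogs", "httpLogs"):
                blob = (props.get(section) or {}).get("azureBlobStorage") or {}
                level = str(blob.get("level") or "off").lower()
                if not (blob.get("enabled") is True or level != "off"):
                    findings.append((name, section + ": not written to blob storage"))
                elif is_literal(blob.get("sasUrl")):
                    findings.append((name, section + ": SAS URL is a literal in the template"))
        elif name == "authsettings":
            if props.get("enabled") is not True:
                findings.append((name, "App Service authentication is disabled"))
            elif props.get("unauthenticatedClientAction") in (1, "AllowAnonymous"):
                findings.append((name, "anonymous requests are passed through to the app"))
    return findings

def make_template(blob_url, action):
    """Constructed sample: nested logs/authsettings resources, audited fields only."""
    logs = {"applicationLogs": {"azureBlobStorage": {"level": "Error", "sasUrl": blob_url}},
            "httpLogs": {"azureBlobStorage": {"enabled": True, "sasUrl": blob_url}}}
    auth = {"enabled": True, "unauthenticatedClientAction": action}
    children = [{"type": "config", "name": "logs", "properties": logs},
                {"type": "config", "name": "authsettings", "properties": auth}]
    return {"resources": [{"type": "Microsoft.Web/sites", "name": "site", "resources": children}]}

# As posted: literal SAS URL placeholder and unauthenticatedClientAction 1.
AS_POSTED = make_template(
    "https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}", 1)
# Variant: SAS URL from a parameter (hypothetical name logSasUrl), action 0 (RedirectToLoginPage).
FROM_PARAMETER = make_template("[parameters('logSasUrl')]", 0)

if __name__ == "__main__":
    for label, tpl in (("as posted", AS_POSTED), ("from parameter", FROM_PARAMETER)):
        print(label, audit_template(tpl))
```

With anonymous pass-through the platform no longer rejects unauthenticated requests, so authorization has to be enforced in the application code; a SAS URL supplied through a `securestring` parameter keeps the token out of the template file.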