How to use Management certificate based authentication for making REST API calls to Azure?

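I am trying to fetch usage and rate card information from Microsoft Azure using a Java application, and I learned that I can use a management certificate to authenticate calls to Microsoft Azure.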

I got the management certificate from the .publishsettings file that I obtained from here.

However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls.

I tried referring to this answer, but I don't see any clients available for usage and rate card and the answer refers to ManagementClient, which isn't the one for my use case. I referred to this blog as well, which makes a reference to ClientAssertionCertificate, which I don't see in the Java library for ADAL.

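NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism, but I want to leverage this management certificate mechanism, as the users of my application might not trust this application with their credentials, and this certificate-based mechanism seems easier to use from a user's point of view.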

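The short answer is that you can't use a management certificate to consume the Billing API. The Billing API is essentially part of the newer APIs that use Azure AD tokens.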

Management certificates can only be used for the Service Management APIs.

However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls.

I referred to this blog as well, which makes a reference to ClientAssertionCertificate, which I don't see in the Java library for ADAL.

As Gaurav said, we can only call the Usage & Rate Card API using Azure Active Directory authentication. You can use AuthenticationContext to get the access_token, as shown in the code below. You need to provide the client ID and Client Secret (key).

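    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import com.microsoft.aad.adal4j.ClientCredential;
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;
    import javax.naming.ServiceUnavailableException;

    // authority, tenant, clientId and clientSecret are fields of the enclosing class.
    private AuthenticationResult getAccessTokenFromClientCredentials()
            throws Throwable {
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(authority + tenant + "/", true,
                    service);
            // Resource (audience) of the token: Azure Resource Manager,
            // which serves the Usage & Rate Card APIs.
            Future<AuthenticationResult> future = context.acquireToken(
                    "https://management.azure.com/", new ClientCredential(clientId,
                            clientSecret), null);
            result = future.get();
        } catch (ExecutionException e) {
            // Surface the underlying authentication error, not the wrapper.
            throw e.getCause();
        } finally {
            // service stays null if the thread pool could not be created.
            if (service != null) {
                service.shutdown();
            }
        }

        if (result == null) {
            throw new ServiceUnavailableException(
                    "authentication result was null");
        }
        return result;
    }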

NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism,.....

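It seems that we can't use the management certificate mechanism to call the Usage & Rate Card API, because for these calls the user or the service principal is a member of the Owner, Contributor or Reader role in the Azure AD tenant for the requested subscription (see this document). I recommend you refer to this document about how to authenticate Azure Resource Management.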
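
The answer above authenticates the service principal with a client secret. As an added example (not from the original answers), the sketch below goes one step further and uses ADAL4J's AsymmetricKeyCredential with a certificate registered on the Azure AD application, which is a different certificate from the management certificate in a .publishsettings file. The tenant ID, client ID, class name and environment variable names are placeholders and assumptions.

```java
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;

import java.io.FileInputStream;
import java.io.InputStream;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class CertificateTokenExample {
    // Placeholders (assumptions): replace with your tenant and application values.
    private static final String AUTHORITY = "https://login.microsoftonline.com/<tenant-id>/";
    private static final String CLIENT_ID = "<application-client-id>";
    // Azure Resource Manager, which serves the Usage & Rate Card APIs.
    private static final String RESOURCE = "https://management.azure.com/";

    static AuthenticationResult acquireTokenWithCertificate(String pfxPath, String pfxPassword)
            throws Throwable {
        ExecutorService service = Executors.newFixedThreadPool(1);
        try (InputStream pfx = new FileInputStream(pfxPath)) {
            // The PKCS#12 file holds the private key and stays on this host; only the
            // public certificate is uploaded to the Azure AD application registration.
            AsymmetricKeyCredential credential =
                    AsymmetricKeyCredential.create(CLIENT_ID, pfx, pfxPassword);
            AuthenticationContext context = new AuthenticationContext(AUTHORITY, true, service);
            return context.acquireToken(RESOURCE, credential, null).get();
        } catch (ExecutionException e) {
            // Surface the underlying authentication error, not the wrapper.
            throw e.getCause();
        } finally {
            service.shutdown();
        }
    }

    public static void main(String[] args) throws Throwable {
        // Hypothetical variable names; keeps the PFX password out of source control.
        String pfxPath = System.getenv("AZURE_CLIENT_PFX");
        String pfxPassword = System.getenv("AZURE_CLIENT_PFX_PASSWORD");
        if (pfxPath == null || pfxPassword == null) {
            System.err.println("Set AZURE_CLIENT_PFX and AZURE_CLIENT_PFX_PASSWORD");
            System.exit(2);
        }
        AuthenticationResult result = acquireTokenWithCertificate(pfxPath, pfxPassword);
        // Print only non-secret metadata, never the token itself.
        System.out.println("Token type: " + result.getAccessTokenType()
                + ", expires: " + result.getExpiresOnDate());
    }
}
```

The service principal behind CLIENT_ID still needs the Owner, Contributor or Reader role on the subscription, as the answer above notes.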