堆栈内存溢出
  简体   繁体   English

如何使用基于管理证书的身份验证对Azure进行REST API调用?

[英]How to use Management certificate based authentication for making REST API calls to Azure?

 原文  2015-10-05 10:24:03       java/ azure/ adal/ azure-billing-api

问题描述

I am trying to get the usage and rate card information from Microsoft Azure using a java application and I came to understand that I can use the Management certificate to authenticate for making calls to Microsoft Azure. 我试图使用Java应用程序从Microsoft Azure获取使用情况和价目表信息,后来我了解到可以使用管理证书进行身份验证以进行对Microsoft Azure的调用。

I got the Management Certificate from the .publishsettings file I got from here 我从这里获得的.publishsettings文件中获得了管理证书

However, in AuthenticationContext , I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls. 但是,在AuthenticationContext ,我看不到任何利用此证书来获取使用率和API调用所需的访问令牌的方法。

I tried referring to this answer , but I don't see any clients available for usage and rate card and the answer refers to ManagementClient, which isn't the one for my usecase. 我尝试参考此答案 ,但没有看到任何可用于使用和价目表的客户端,而答案针对的是ManagementClient,这不是我的用例之一。 I referred to this blog as well, which makes a reference to ClientAssertionCertificate , which I don't see in the java library for adal . 我也提到了这个博客,该博客引用了ClientAssertionCertificate ,我在java库中没有看到adal

NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism, but I wanted to make use of this management certificate mechanism since the users of my application may not trust this application with their credentials and this certificate based mechanism seems more easier to use from a user-point of view. 注意:我可以使用基于用户名,密码和客户端ID的身份验证机制对Azure进行REST API调用,以获取使用情况和价目表信息,但是我想利用此管理证书机制,因为我的应用程序用户可能无法使用以其凭据信任此应用程序,并且从用户的角度来看,这种基于证书的机制似乎更易于使用。

2 个解决方案

解决方案1
 1  2015-10-05 19:04:49

Simple answer is you can't use a management certificate to consume Billing API. 一个简单的答案是,您不能使用管理证书来使用Billing API。 Billing API are essentially part of newer APIs that make use of Azure AD tokens. 计费API本质上是使用Azure AD令牌的较新API的一部分。

Management certificate can only be used for Service Management APIs . 管理证书只能用于Service Management APIs

解决方案2
 1 已采纳  2015-10-08 02:35:39

However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls. 但是,在AuthenticationContext中,我看不到任何利用此证书来获得进行使用和对API调用进行评级所需的访问令牌的方法。

I referred to this blog as well, which makes a reference to ClientAssertionCertificate , which I don't see in the java library for adal. 我也提到了这个博客,该博客引用了ClientAssertionCertificate,我在javad库中没有找到adal。

As Gaurav said, We just only can call Usage & Rate Card API using Azure Active Directory for authentication. 正如Gaurav所说,我们只能使用Azure Active Directory调用使用和价目表API进行身份验证。 You can use AuthenticationContext to acquire the the access_token as following code. 您可以使用AuthenticationContext来获取access_token ,如下代码。 You need provide client ID and Client Secret ( key ). 您需要提供client IDClient Secretkey )。 

private AuthenticationResult getAccessTokenFromClientCredentials()
            throws Throwable {
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(authority + tenant + "/", true,
                    service);
            Future<AuthenticationResult> future = context.acquireToken(
                    "https://graph.windows.net", new ClientCredential(clientId,
                            clientSecret), null);
            result = future.get();
        } catch (ExecutionException e) {
            throw e.getCause();
        } finally {
            service.shutdown();
        }

        if (result == null) {
            throw new ServiceUnavailableException(
                    "authentication result was null");
        }
        return result;
    }

NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism,..... 注意:我可以使用基于用户名,密码和客户端ID的身份验证机制对Azure进行REST API调用,以获取使用情况和价目表信息,.....

It seems that we can't use Management certificate mechanism to call Usage & Rate Card API. 看来我们无法使用管理证书机制来调用“用法和价目表” API。 Because these calling user or the service principal is a member of the Owner, Contributor or Reader role in the Azure AD tenant for the requested subscription ( see this document ). 因为这些调用用户或服务主体是Azure AD租户中所请求的订阅的Owner, Contributor or Reader role的成员( 请参阅本文档 )。 I recommend you refer to this document about how to authenticate Azure Resource Management . 我建议您参考此文档,了解如何对Azure资源管理进行身份验证

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为Azure Api管理Rest Api生成令牌 - Generating Token for Azure Api Management Rest Api 如何在Java中将身份验证与JIRA REST API一起使用 - How to use Authentication with JIRA REST API in Java 如何在 Java 中使用 REST API 身份验证? - How to use REST API Authentication with java? 在对外部服务进行 REST API 调用时如何包含客户端证书 - Spring Boot? - How to include client certificate when making REST API call to an external service - Spring Boot? 如何使用带有证书认证的 RestTemplate? - How to use RestTemplate with certificate authentication? 如何优化REST API调用 - How to Optimize REST API calls 如何使用基于证书的身份验证创建Azure Blob,使用Java从文件中下载文件 - How to create Azure blob with certificate based authentication n download file from that using java 通过SecureSocial进行身份验证后,对Linkedin API进行其他Oauth调用 - Making additional Oauth calls to Linkedin API after authentication through SecureSocial 捆绑中的REST API的基于Shiro的身份验证不起作用 - Shiro based Authentication for rest api in a bundle not working 使用TwitterApiClient类从Android应用程序进行REST API调用 - Making REST API calls from an Android app using TwitterApiClient class
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM