[英]How to use Management certificate based authentication for making REST API calls to Azure?
I am trying to get the usage and rate card information from Microsoft Azure using a java application and I came to understand that I can use the Management certificate to authenticate for making calls to Microsoft Azure. 我试图使用Java应用程序从Microsoft Azure获取使用情况和价目表信息,后来我了解到可以使用管理证书进行身份验证以进行对Microsoft Azure的调用。
I got the Management Certificate from the .publishsettings file I got from here 我从这里获得的.publishsettings文件中获得了管理证书
However, in AuthenticationContext
, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls. 但是,在
AuthenticationContext
,我看不到任何利用此证书来获取使用率和API调用所需的访问令牌的方法。
I tried referring to this answer , but I don't see any clients available for usage and rate card and the answer refers to ManagementClient, which isn't the one for my usecase. 我尝试参考此答案 ,但没有看到任何可用于使用和价目表的客户端,而答案针对的是ManagementClient,这不是我的用例之一。 I referred to this blog as well, which makes a reference to
ClientAssertionCertificate
, which I don't see in the java library for adal . 我也提到了这个博客,该博客引用了
ClientAssertionCertificate
,我在java库中没有看到adal 。
NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism, but I wanted to make use of this management certificate mechanism since the users of my application may not trust this application with their credentials and this certificate based mechanism seems more easier to use from a user-point of view. 注意:我可以使用基于用户名,密码和客户端ID的身份验证机制对Azure进行REST API调用,以获取使用情况和价目表信息,但是我想利用此管理证书机制,因为我的应用程序用户可能无法使用以其凭据信任此应用程序,并且从用户的角度来看,这种基于证书的机制似乎更易于使用。
Simple answer is you can't use a management certificate to consume Billing API. 一个简单的答案是,您不能使用管理证书来使用Billing API。 Billing API are essentially part of newer APIs that make use of Azure AD tokens.
计费API本质上是使用Azure AD令牌的较新API的一部分。
Management certificate can only be used for Service Management APIs
. 管理证书只能用于
Service Management APIs
。
However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls.
但是,在AuthenticationContext中,我看不到任何利用此证书来获得进行使用和对API调用进行评级所需的访问令牌的方法。
I referred to this blog as well, which makes a reference to ClientAssertionCertificate , which I don't see in the java library for adal.
我也提到了这个博客,该博客引用了ClientAssertionCertificate,我在javad库中没有找到adal。
As Gaurav said, We just only can call Usage & Rate Card API using Azure Active Directory for authentication. 正如Gaurav所说,我们只能使用Azure Active Directory调用使用和价目表API进行身份验证。 You can use AuthenticationContext to acquire the the
access_token
as following code. 您可以使用AuthenticationContext来获取
access_token
,如下代码。 You need provide client ID
and Client Secret
( key
). 您需要提供
client ID
和Client Secret
( key
)。
private AuthenticationResult getAccessTokenFromClientCredentials()
throws Throwable {
AuthenticationContext context = null;
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(authority + tenant + "/", true,
service);
Future<AuthenticationResult> future = context.acquireToken(
"https://graph.windows.net", new ClientCredential(clientId,
clientSecret), null);
result = future.get();
} catch (ExecutionException e) {
throw e.getCause();
} finally {
service.shutdown();
}
if (result == null) {
throw new ServiceUnavailableException(
"authentication result was null");
}
return result;
}
NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism,.....
注意:我可以使用基于用户名,密码和客户端ID的身份验证机制对Azure进行REST API调用,以获取使用情况和价目表信息,.....
It seems that we can't use Management certificate mechanism to call Usage & Rate Card API. 看来我们无法使用管理证书机制来调用“用法和价目表” API。 Because these calling user or the service principal is a member of the
Owner, Contributor or Reader role
in the Azure AD tenant for the requested subscription ( see this document ). 因为这些调用用户或服务主体是Azure AD租户中所请求的订阅的
Owner, Contributor or Reader role
的成员( 请参阅本文档 )。 I recommend you refer to this document about how to authenticate Azure Resource Management . 我建议您参考此文档,了解如何对Azure资源管理进行身份验证 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.