
Azure Service Principal cannot access Service Management API

It seems that an application that authenticates against Azure as a Service Principal (set up as per this post) cannot access the Service Management API. I cannot find anywhere that states explicitly that this is not supported. Is it possible? Will it ever be supported?

An application that authenticates using a Management Certificate cannot access the Resource Manager API (this is explicitly not supported).

Is there a way to authenticate an application (not a person) against Azure and access both Service Management and Resource Manager APIs?

Is there a way to authenticate an application (not a person) against Azure and access both Service Management and Resource Manager APIs?

From what I understand, no, it is not possible today. In order to use token-based authentication for Service Management API, the user/application for which the token is issued must be an administrator or co-administrator on the Azure Subscription in question and I could not find a way to add a service principal as an admin/co-admin in Azure Portal.

However, a Service Principal can access Resource Manager API. For this you must assign that service principal an appropriate role using Azure Preview Portal. Please see this link regarding instructions for the same: https://azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/.

I know that you're not after this, but one thing you could do is create a service principal type user in your Azure AD and then use that user for both Service Management and Resource Manager API. Please see this blog post for more details: http://blogs.msdn.com/b/tomholl/archive/2014/11/25/unattended-authentication-to-azure-management-apis-with-azure-active-directory.aspx.
