[英]Azure Service Principal cannot access Service Management API
It seems that an application that authenticates against Azure as a Service Principal (setup as per this post ) cannot access the Service Management API.似乎将 Azure 作为服务主体进行身份验证的应用程序(根据这篇文章进行设置)无法访问服务管理 API。 I cannot find anywhere that states explicitly that this is not supported.
我找不到任何明确声明不支持此功能的地方。 Is it possible?
是否可以? Will it ever be supported?
它会得到支持吗?
An application that authenticates using a Management Certificate cannot access the Resource Manager API (this is explicitly not supported).使用管理证书进行身份验证的应用程序无法访问资源管理器 API(明确不支持)。
Is there a way to authenticate an application (not a person) against Azure and access both Service Management and Resource Manager API's?有没有一种方法来验证对Azure和接入两种服务管理和资源管理器API的应用程序(不是人)?
Is there a way to authenticate an application (not a person) against Azure and access both Service Management and Resource Manager API's?
有没有办法针对 Azure 对应用程序(而不是个人)进行身份验证并访问服务管理和资源管理器 API?
From what I understand, No it is not possible today.据我所知,不,今天是不可能的。 In order to use
tokens
based authentication for Service Management API, the user/application for which the token is issued must be an administrator or co-administrator on the Azure Subscription in question and I could not find a way to add a service principal as an admin/co-admin in Azure Portal.为了对服务管理 API 使用基于
tokens
的身份验证,为其颁发令牌的用户/应用程序必须是相关 Azure 订阅的管理员或共同管理员,我找不到添加服务主体作为Azure 门户中的管理员/共同管理员。
However a Service Principal can access Resource Manager API.但是,服务主体可以访问资源管理器 API。 For this you must assign that service principal an appropriate role using Azure Preview Portal.
为此,您必须使用 Azure 预览门户为该服务主体分配适当的角色。 Please see this link regarding instructions for the same: https://azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/ .
有关相同说明,请参阅此链接: https : //azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/ 。
I know that you're not after this, but one thing you could do is create a service principal
type user in your Azure AD and then use that user for both Service Management and Resource Manager API.我知道您不是在追求这个,但您可以做的一件事是在您的 Azure AD 中创建一个
service principal
类型用户,然后将该用户用于服务管理和资源管理器 API。 Please see this blog post for more details: http://blogs.msdn.com/b/tomholl/archive/2014/11/25/unattended-authentication-to-azure-management-apis-with-azure-active-directory.aspx .有关更多详细信息,请参阅此博客文章: http : //blogs.msdn.com/b/tomholl/archive/2014/11/25/unattended-authentication-to-azure-management-apis-with-azure-active-directory .aspx 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.