Azure Management API access for a 3rd party

I am developing an application that integrates with other businesses' Azure accounts. My application needs read access to the Azure Monitor service in our customers' Azure accounts. What is the best way to authenticate?

After reading, here's the current solution I came up with:

Have a customer create an App registration in their account. After creating the app registration, they assign the Monitoring Reader role to the application they created. The customer then navigates back to the App registration and creates a Client Secret. The customer then provides my service the client ID, tenant ID, and the Client Secret. My service will use those to authenticate with Azure and call Azure Monitor.

Is this the recommended way to authenticate with Azure as a 3rd party?

I am not sure if it is the best way, but indeed it is a feasible way. This way is named the client credentials flow; you need to use it to request the access token, then use the token to call the Azure REST API, e.g. Alert Rules - Get.

When you request the token, you need to specify the resource as https://management.azure.com/. Also, you should note that the v1.0 endpoint is different from v2.0: v2.0 uses scope, not resource; for details of the difference see this link. So you should choose the correct one depending on which version of app your customer created.

Besides, let me correct some of your understanding of Azure AD tenant and Azure subscription. They are not called an Azure account; Azure Monitor is a service in the subscription, and the subscription is located in the tenant. The AD app (app registration) is also located in the tenant. You can understand that the AD app is higher than the subscription; it is not in the subscription.
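As an added example (not code from the question or the answer above), the client credentials flow the answer describes, in Python: it builds the token request for either the v1.0 endpoint (`resource`) or the v2.0 endpoint (`scope`), lets you confirm the token's audience before use, and builds the Alert Rules - Get call. Tenant, client, secret, subscription and rule values are placeholders the customer would supply.

```python
"""Client credentials flow for a customer's app registration (Monitoring Reader), then Alert Rules - Get."""
import base64
import json
import urllib.request
from urllib.parse import urlencode

ARM = "https://management.azure.com"
LOGIN = "https://login.microsoftonline.com"

def token_request(tenant_id, client_id, client_secret, endpoint_version="v2.0"):
    """Build (url, form body) for the tenant's token endpoint: v1.0 names the API with
    `resource`, v2.0 with `scope` ending in /.default; pick the one matching the app."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret}
    if endpoint_version == "v1.0":
        url = f"{LOGIN}/{tenant_id}/oauth2/token"
        form["resource"] = f"{ARM}/"
    elif endpoint_version == "v2.0":
        url = f"{LOGIN}/{tenant_id}/oauth2/v2.0/token"
        form["scope"] = f"{ARM}/.default"
    else:
        raise ValueError(f"unknown endpoint version: {endpoint_version}")
    return url, urlencode(form)

def fetch_token(tenant_id, client_id, client_secret, endpoint_version="v2.0"):
    """POST the form and return the bearer token (network call; keep the secret
    out of logs and rotate it on the schedule agreed with the customer)."""
    url, body = token_request(tenant_id, client_id, client_secret, endpoint_version)
    with urllib.request.urlopen(url, data=body.encode()) as resp:
        return json.load(resp)["access_token"]

def token_audience(access_token):
    """Read the JWT 'aud' claim locally (no signature check; ARM verifies the token)
    to confirm the token was issued for management.azure.com before calling ARM."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))["aud"]

def alert_rule_get_url(subscription_id, resource_group, rule_name):
    """ARM path for Alert Rules - Get (classic metric alerts, Microsoft.Insights)."""
    return (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.Insights/alertrules/{rule_name}?api-version=2016-03-01")

def get_alert_rule(access_token, subscription_id, resource_group, rule_name):
    """Call Alert Rules - Get with the bearer token; Monitoring Reader suffices."""
    req = urllib.request.Request(alert_rule_get_url(subscription_id, resource_group, rule_name),
                                 headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```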
