
Difference between Service Principal and Managed Identities in Azure

I would like to know if it is always recommended to use Managed Identities in Azure, mostly system assigned, or a Service Principal? When should Service Principals be used in Azure compared to a managed identity, and what is the advantage of one over the other? Any help would be appreciated.

Internally, managed identities are service principals of a special type, which are locked to only be used with Azure resources. When the managed identity is deleted, the corresponding service principal is automatically removed. Also, when a User-Assigned or System-Assigned Identity is created, the Managed Identity Resource Provider (MSRP) issues a certificate internally to that identity.

Source: What are managed identities for Azure resources?

and

So what's the difference?
Put simply, the difference between a managed identity and a service principal is that a managed identity manages the creation and automatic renewal of a service principal on your behalf.

Source: What's an Azure Service Principal and Managed Identity?

A managed identity is a type of service principal.

A service principal can be one of three types: application, managed identity, and legacy. The division into types is based on the circumstances of their usage. Thus their specific handling also differs based on their type.

rickvdbosch provided a link to an article that talks about the specifics of the managed identity type of service principal. For those who would like to learn about the concept of the service principal object and its types, here is a link to a different article: Application and service principal objects in Azure Active Directory.

A Service Principal could be looked at as similar to a service account in a more traditional on-premises application or service scenario. Managed Identities are used for "linking" a Service Principal security object to an Azure Resource like a Virtual Machine, Web App, Logic App or similar.

An Azure service principal is like an application, whose tokens can be used by other Azure resources to authenticate and grant access to Azure resources.

Managed identities are service principals of a special type, which are locked to only be used with Azure resources.

The main difference between both is that with a managed identity you don't need to specify any credentials in your code, compared to service principals where you need to specify application id, client id, etc. to generate a token to access any Azure resource. Ideally, you should opt for a service principal only if the service you use doesn't support managed identity.
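To make the "no credentials in your code" point concrete, here is an added example (not from any of the answers above) that builds, with only the standard library, the two token requests a workload would send: the Instance Metadata Service request a managed identity uses, and the client-credentials request a service principal with a client secret uses. The tenant, client id, secret and the injectable `send` function are assumed placeholders; nothing is sent unless you pass a real sender.

```python
"""Added example: managed identity vs service principal token acquisition, offline.
build_* return the HTTP request each flow makes; acquire_token takes an injectable
sender so the flow can be exercised without network access or real credentials."""
import json
import urllib.parse
import urllib.request

# Azure Instance Metadata Service endpoint queried by a VM's system/user-assigned identity.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
# Microsoft Entra ID (Azure AD) token endpoint used by the OAuth2 client-credentials flow.
AAD_TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_managed_identity_request(resource: str) -> urllib.request.Request:
    """Managed identity: the VM asks IMDS for a token. No secret appears in code;
    the platform proves the resource's identity to Entra ID on its behalf."""
    query = urllib.parse.urlencode({"api-version": "2018-02-01", "resource": resource})
    # "Metadata: true" is mandatory; a plain redirect cannot add it (an SSRF mitigation).
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})


def build_service_principal_request(tenant: str, client_id: str, client_secret: str,
                                    scope: str) -> urllib.request.Request:
    """Service principal: the app authenticates itself with a credential it must store
    and rotate (a client secret here; a certificate is the stronger option)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # this is what ends up in Key Vault or app settings
        "scope": scope,
    }).encode()
    return urllib.request.Request(AAD_TOKEN_URL.format(tenant=tenant), data=body, method="POST",
                                  headers={"Content-Type": "application/x-www-form-urlencoded"})


def carries_secret(req: urllib.request.Request) -> bool:
    """True if the outgoing request embeds a long-lived credential the caller had to hold."""
    return req.data is not None and b"client_secret=" in req.data


def acquire_token(req: urllib.request.Request, send=None) -> str:
    """Send the request and return the bearer access token. `send` defaults to urllib and is
    injectable (e.g. a stub returning a constructed JSON body) for offline use."""
    send = send or (lambda r: urllib.request.urlopen(r, timeout=5).read())
    return json.loads(send(req))["access_token"]


if __name__ == "__main__":
    mi = build_managed_identity_request("https://management.azure.com/")
    sp = build_service_principal_request("TENANT_ID_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER",
                                         "SECRET_PLACEHOLDER", "https://management.azure.com/.default")
    print("managed identity carries secret:", carries_secret(mi))   # False
    print("service principal carries secret:", carries_secret(sp))  # True
```

Either request yields the same kind of bearer token for the same resource; the difference the answer describes is only in who holds the credential.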

Managed Identities are tied to a resource (VM, Logic App, etc.). To give the resource grants and permissions for accessing (CRUD) other resources, you use Managed Identities.

Service Principals do not have to be tied to a resource; they live under the tenant and above the subscription, and, what is more important, have some auth tokens that could be stored somewhere (Key Vault). It is like a fake user with some credentials and tokens.
