如何使用基于管理证书认证作出REST API调用Azure的？ [英] How to use Management certificate based authentication for making REST API calls to Azure?

问题描述

我想从微软Azure使用Java应用程序的使用情况和价目表信息，我才明白，我可以使用管理证书打电话到微软的Azure进行身份验证。

我得到了管理证书从.publishsettings文件，我从这里

得到

然而，在 AuthenticationContext ，我没有看到，利用该证书来获得所需的制作使用和速度API调用访问令牌的任何方法。

我试着参考<一个href=\"http://stackoverflow.com/questions/26125905/using-management-certificate-with-azure-rest-api\">this回答，但我没有看到任何可用的客户使用和价目表，答案是指ManagementClient，这不是一个我用例。我提到了这个博客，以及，这​​使得引用 ClientAssertionCertificate ，我没有在的 Java库阿达尔。

注：我能做出REST API调用到Azure使用的用户名，密码和放大器得到使用和价目表的信息;客户端基于ID的认证机制，但我想利用这个管理证书机制，因为我的应用程序的用户可能不信任他们的凭据，此应用程序，这基于证书的机制似乎更容易从一个用户点使用。

解决方案

  

不过，在AuthenticationContext，我没有看到，利用该证书来获得用于制作使用和速度的API调用所需的访问令牌的任何方法。

  
  

我提到了这个博客，以及，这​​使得ClientAssertionCertificate，我不要在Java库阿达尔看到一个参考。

由于拉夫说，我们仅仅只可以调用使用与放大器;价目表API使用的Azure Active Directory进行身份验证。您可以使用AuthenticationContext获取的的access_token 如下code。您需要提供客户端ID 和客户端密钥（键）

 私人AuthenticationResult getAccessTokenFromClientCredentials（）
            抛出的Throwable
        AuthenticationContext语境= NULL;
        AuthenticationResult结果= NULL;
        ExecutorService的服务= NULL;
        尝试{
            服务= Executors.newFixedThreadPool（1）;
            上下文=新AuthenticationContext（授权+租户+/，真实，
                    服务）;
            未来＆LT; AuthenticationResult＆GT;未来= context.acquireToken（
                    https://graph.windows.net，新ClientCredential（客户端ID，
                            clientSecret），NULL）;
            结果=的Future.get（）;
        }赶上（为ExecutionException E）{
            扔e.getCause（）;
        } {最后
            service.shutdown（）;
        }        如果（结果== NULL）{
            抛出新的ServiceUnavailableException（
                    认证结果为空）;
        }
        返回结果;
    }
 

  

注：我能够做出REST API调用到Azure使用的用户名，密码和放大器得到使用和价目表的信息;客户端基于ID的认证机制，.....

我们似乎无法使用管理证书机制调用用法和放大器;价目表API。由于这些主叫用户或服务主体是业主中的一员，贡献者或在Azure AD租户的要求的订阅读者角色（请参见本文档）。我建议你​​参考这个文档了解如何认证的Azure资源管理。

I am trying to get the usage and rate card information from Microsoft Azure using a java application and I came to understand that I can use the Management certificate to authenticate for making calls to Microsoft Azure.

I got the Management Certificate from the .publishsettings file I got from here

However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls.

I tried referring to this answer, but I don't see any clients available for usage and rate card and the answer refers to ManagementClient, which isn't the one for my usecase. I referred to this blog as well, which makes a reference to ClientAssertionCertificate , which I don't see in the java library for adal.

NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism, but I wanted to make use of this management certificate mechanism since the users of my application may not trust this application with their credentials and this certificate based mechanism seems more easier to use from a user-point of view.

解决方案

However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls.

I referred to this blog as well, which makes a reference to ClientAssertionCertificate , which I don't see in the java library for adal.

As Gaurav said, We just only can call Usage & Rate Card API using Azure Active Directory for authentication. You can use AuthenticationContext to acquire the the access_token as following code. You need provide client ID and Client Secret(key).

private AuthenticationResult getAccessTokenFromClientCredentials()
            throws Throwable {
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(authority + tenant + "/", true,
                    service);
            Future<AuthenticationResult> future = context.acquireToken(
                    "https://graph.windows.net", new ClientCredential(clientId,
                            clientSecret), null);
            result = future.get();
        } catch (ExecutionException e) {
            throw e.getCause();
        } finally {
            service.shutdown();
        }

        if (result == null) {
            throw new ServiceUnavailableException(
                    "authentication result was null");
        }
        return result;
    }

NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism,.....

It seems that we can't use Management certificate mechanism to call Usage & Rate Card API. Because these calling user or the service principal is a member of the Owner, Contributor or Reader role in the Azure AD tenant for the requested subscription (see this document). I recommend you refer to this document about how to authenticate Azure Resource Management.

这篇关于如何使用基于管理证书认证作出REST API调用Azure的？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！