使用AAD对Application Insights REST API进行身份验证 [英] Authenticate on Application Insights REST API with AAD
问题描述
到目前为止,我已经成功地使用Application Insights REST API来获取带有X-Api-Key标头的指标. https://api.applicationinsights.io/beta/apps/xxxxxxxxxx/metrics/customMetrics%2FmetricName?timespan=PT2H&interval=PT20M&aggregation=min
So far I used successfully Application Insights REST API for getting metrics with X-Api-Key header. https://api.applicationinsights.io/beta/apps/xxxxxxxxxx/metrics/customMetrics%2FmetricName?timespan=PT2H&interval=PT20M&aggregation=min
但是,通过使用新的信息中心(包含多个指标),我们很难达到1500个请求/API密钥限制.
However with our new dashboard, crawling several metrics, we hit hard the 1500 request/api key limit.
有人建议使用几个api键,但我想避免这种方法.
Some suggest to play around with several api keys, but I would like to prevent this approach.
根据文档,使用AAD进行身份验证会删除每日上限( https://dev.applicationinsights.io/documentation/Authorization/Rate-limits )
According to documentation, authenticate with AAD would remove the daily cap (https://dev.applicationinsights.io/documentation/Authorization/Rate-limits)
但是我无法通过AAD进行身份验证(在nodejs中,但是我怀疑在任何语言中都相同)
But I fail to authenticate with AAD (in nodejs, but I suspect it's the same in any language)
我在一个简单的应用程序中使用了adal-node,我成功获得了令牌,但是无法将其转发到Request
I used adal-node with a simple app, I successfully get a token, however I'm not able to forward it to the Request
var context = new AuthenticationContext(authorityUrl);
context.acquireTokenWithClientCredentials(resource, clientId, clientSecret, function(err, tokenResponse) {
if (err) {
console.log('well that didn\'t work: ' + err.stack);
} else {
console.log(tokenResponse);
request({'url' : 'https://api.applicationinsights.io/beta/apps/xxxxxxxxx/metrics/customMetrics%2Fmetrics?timespan=PT2H&interval=PT20M&aggregation=min',
headers: {
'Authorization': 'Bearer ' + tokenResponse.accessToken
}
}, function (error,response,body){
console.log(body);
});
}
});
我收到以下错误消息
The provided authentication is not valid for this resource
The given API Key is not valid for the requested resource
I'm getting following error message
The provided authentication is not valid for this resource
The given API Key is not valid for the requested resource
我怀疑我想念什么:)
推荐答案
我们不直接在REST API中支持AAD.您的资源由Azure资源管理器管理,并且只有它可以验证特定用户是否有权访问该资源. API密钥是我们将授权直接短路到资源的一种方式,而不是在用户上下文中.
We don't support AAD in our REST API directly. Your resource is managed by the Azure Resource Manager, and only it can validate a certain user has access to this resource. API Keys are our way of short circuiting the authorization directly to a resource, instead of in the user context.
您已以您自己的身份将此AAD应用程序访问该资源,因此身份验证仍在用户的上下文中.必须改为致电ARM:'
You gave this AAD app access to this resource as yourself, so the authentication is still in the context of a user. The call has to be made to ARM instead: 'https://management.azure.com/subscriptions/xxxxxx/resourcegroups/xxxxx/providers/microsoft.insights/components/xxxxx/api/metrics/customMetrics%2Fmetrics?api-version=2014-12-01-preview×pan=PT2H&interval=PT20M&aggregation=min'
此处链接了文档-尽管没有明确说明: https://dev.applicationinsights.io/documentation /授权
Documentation is linked here - though not explained explicitly: https://dev.applicationinsights.io/documentation/Authorization
这将为您提供更高的速率限制,并且仍返回与REST API相同的响应.
This will get you a higher rate-limit, and still return the same response as the REST API.
这篇关于使用AAD对Application Insights REST API进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
