问题
So far I used successfully Application Insights REST API for getting metrics with X-Api-Key header. https://api.applicationinsights.io/beta/apps/xxxxxxxxxx/metrics/customMetrics%2FmetricName?timespan=PT2H&interval=PT20M&aggregation=min
However with our new dashboard, crawling several metrics, we hit hard the 1500 request/api key limit.
Some suggest to play around with several api keys, but I would like to prevent this approach.
According to documentation, authenticate with AAD would remove the daily cap (https://dev.applicationinsights.io/documentation/Authorization/Rate-limits)
But I fail to authenticate with AAD (in nodejs, but I suspect it's the same in any language)
I used adal-node with a simple app, I successfully get a token, however I'm not able to forward it to the Request
var context = new AuthenticationContext(authorityUrl);
context.acquireTokenWithClientCredentials(resource, clientId, clientSecret, function(err, tokenResponse) {
if (err) {
console.log('well that didn\'t work: ' + err.stack);
} else {
console.log(tokenResponse);
request({'url' : 'https://api.applicationinsights.io/beta/apps/xxxxxxxxx/metrics/customMetrics%2Fmetrics?timespan=PT2H&interval=PT20M&aggregation=min',
headers: {
'Authorization': 'Bearer ' + tokenResponse.accessToken
}
}, function (error,response,body){
console.log(body);
});
}
});
I'm getting following error message
The provided authentication is not valid for this resource
The given API Key is not valid for the requested resource
I suspect I miss something :)
回答1:
We don't support AAD in our REST API directly. Your resource is managed by the Azure Resource Manager, and only it can validate a certain user has access to this resource. API Keys are our way of short circuiting the authorization directly to a resource, instead of in the user context.
You gave this AAD app access to this resource as yourself, so the authentication is still in the context of a user. The call has to be made to ARM instead: 'https://management.azure.com/subscriptions/xxxxxx/resourcegroups/xxxxx/providers/microsoft.insights/components/xxxxx/api/metrics/customMetrics%2Fmetrics?api-version=2014-12-01-preview×pan=PT2H&interval=PT20M&aggregation=min'
Documentation is linked here - though not explained explicitly: https://dev.applicationinsights.io/documentation/Authorization
This will get you a higher rate-limit, and still return the same response as the REST API.
来源:https://stackoverflow.com/questions/42978366/authenticate-on-application-insights-rest-api-with-aad