问题
I have a C# application that writes traces and exceptions to Azure Application Insights using Microsoft.ApplicationInsights
and the TelemetryClient
class.
I want to programmatically search the AI trace and exception logs using C#, as opposed to having to use Kusto queries. Every article I've read on how to do this seems to require that I know the Client Secret for the resource. But I am unable to obtain this, as I don't have authorization to create certificates and secrets in our environment. (I do, however, possess the InstrumentationKey
from the ApplicationInsights.config
file).
I'm sure there has to be a way to do this without using a secret - right? After all, TelemetryClient
doesn't require a secret to write to AI logs (it just needs the aforementioned InstrumentationKey
); therefore (since reading is a less risky operation security-wise than writing), I would assume that there's a way to programmatically read the logs with just an InstrumentationKey
and without a client secret. Can you please tell me how to do this?
回答1:
Fundamental bad assumption here.
since reading is a less risky operation security-wise than writing
You are writing logs of application operations that may include security critical information (when URL's get logged, exceptions get logged ,variables are written to the server). So in this case WRITING is NOT critical - you can submit fake data, but that it is.
But READING is security critical because you DO expose legally protected data through reading (i.e. possibly and most likely private information of people).
The rest of your question flows from the assumption reading is less security relevant, so all your conclusions are bad.
This is why you need only an instrumentation key to write, but a client secret to read.
来源:https://stackoverflow.com/questions/60621426/programmatically-read-azure-app-insights-logs-without-a-client-secret