Programmatically read Azure App Insights logs without a client secret?

北战南征 提交于 2020-06-16 17:31:49

问题


I have a C# application that writes traces and exceptions to Azure Application Insights using Microsoft.ApplicationInsights and the TelemetryClient class.

I want to programmatically search the AI trace and exception logs using C#, as opposed to having to use Kusto queries. Every article I've read on how to do this seems to require that I know the Client Secret for the resource. But I am unable to obtain this, as I don't have authorization to create certificates and secrets in our environment. (I do, however, possess the InstrumentationKey from the ApplicationInsights.config file).

I'm sure there has to be a way to do this without using a secret - right? After all, TelemetryClient doesn't require a secret to write to AI logs (it just needs the aforementioned InstrumentationKey); therefore (since reading is a less risky operation security-wise than writing), I would assume that there's a way to programmatically read the logs with just an InstrumentationKey and without a client secret. Can you please tell me how to do this?


回答1:


Fundamental bad assumption here.

since reading is a less risky operation security-wise than writing

You are writing logs of application operations that may include security critical information (when URL's get logged, exceptions get logged ,variables are written to the server). So in this case WRITING is NOT critical - you can submit fake data, but that it is.

But READING is security critical because you DO expose legally protected data through reading (i.e. possibly and most likely private information of people).

The rest of your question flows from the assumption reading is less security relevant, so all your conclusions are bad.

This is why you need only an instrumentation key to write, but a client secret to read.



来源:https://stackoverflow.com/questions/60621426/programmatically-read-azure-app-insights-logs-without-a-client-secret

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!