问题
I have a file in an Azure container which is accessed via an Azure Function.
When the function is invoked - it is first AuthD against Azure AD only then the file is loaded.
What is the simplest way to identify "who" accessed my file ?
Any user id is NOT passed as parameter. There are 1000+ users in that AD.
Please guide.
回答1:
App Service passes user claims to your application by using special headers. External requests aren't allowed to set these headers, so they are present only if set by App Service. Some example headers include:
X-MS-CLIENT-PRINCIPAL-NAME
X-MS-CLIENT-PRINCIPAL-ID
You can use request.headers['your-header-name'] to get the corresponding value. The code example is as follows:
public static async Task<HttpResponseMessage> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)]
HttpRequest httpRequest,
ILogger logger)
{
var name1=httpRequest.Headers["X-MS-CLIENT-PRINCIPAL-NAME"].ToString();
}
For more details, you can refer to this official document, or you can also refer to this post.
来源:https://stackoverflow.com/questions/63125857/azure-function-container-audit