I am using Azure ML, I made my models and now I want to connect them to Data Factory to run some process.
I implement an endpoint, but I can't find the API key for the endpoints. Right now, I have the REST endpoint, but not in key-based authentication enabled, it's false. Do you know how to generate the API key?
Currently the only way to retrieve the token is by using the Azure Machine Learning SDK or the Azure CLI machine learning extension.
Key-based auth is supported for Azure Container Instance and Azure Kubernetes Service deployed web-services, and token-based auth is only available for Azure Kubernetes Service deployments.
You can find more information here
Related
Follow up to other question posted here:
Azure microservices: authenticating downstream APIs from B2C to Azure AD, how to configure AD?
All our apps and microservices are hosted in a AKS cluster.
Want to have a single webapp decoupled from other services: using a message broker seems a good approach.
How should a public-facing portal be setup to be able to push data down into a queue or endpoint
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE?
How would this be configured in terms of authentication, app reg etc.?
Lets answer your questions one after another which you have.
The first question
How should a public-facing portal be setup to be able to push data down into a queue or endpoint ?
For this first we need to use a Web API to push data to Azure Service Bus Queue. You can create a new ASP.NET Core Web API project and install Azure Service Bus NuGet package. Check this document for the way to do it.
Then we can use Service Bus Queue trigger Azure function to read the message from the queue and the process it or store it depending on the requirement. Check Azure Service Bus trigger for Azure Functions for more information.
The second question
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE ?
We can achieve this requirement by securing the front end using Application Gateway. We need to configure Application Gateway in front of the Web API.
Check this Configure App Service with Application Gateway document from Microsoft for more information.
Lastly, the third question
How would this be configured in terms of authentication, app reg etc.?
In this case we can use Azure Managed Identity. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
So, we can use Azure Managed Identities with the Azure Resources like AKS. Check this Use managed identities in Azure Kubernetes Service for more information.
I'm able to deploy ML model into Azure Kubernetes Services using AML services. I have enabled token authentication while deploying model into AKS.
As mentioned in the document "https://learn.microsoft.com/en-us/azure/machine-learning/service/concept-enterprise-security" 2 ways authentication(Key and token) is possible to consume ML model webservice, deployed in Azure Kubernetes services. To consume the webservice. we have to provide the token along with the service request. But I couldn’t find any document how to generate/get token from Kubernetes services. How to get the new token every time whenever call is made from client application to the model running in the Azure Kubernetes services. It would be great help if you could able to provide more information on this.
Once you have enabled token authentication, you fetch the token by fetching the service and invoking get_token() method on it. An example of this is available at: https://learn.microsoft.com/en-us/azure/machine-learning/service/concept-enterprise-security#authentication-with-tokens.
token, refresh_by = service.get_token()
print(token)
Microsoft allows use of the Authentication command in Azure SQL to connect to the database using an Azure AD account.
https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/
Under heading 7.1. Connecting using integrated (Windows) authentication
How can I use this on an Azure App Service?
Note: I am specifically trying NOT to include the password as the next heading shows. I specifically want integrated.
If my understanding of the documentation is correct, you can achieve this yourself using Token Based authentication. It shouldn't require anything special from Azure App Service. See here for details and sample code:
https://blogs.msdn.microsoft.com/sqlsecurity/2016/02/09/token-based-authentication-support-for-azure-sql-db-using-azure-ad-auth/
The new token-based authentication method allows middle-tier services to obtain a token from Azure AD and use it to connect to Azure SQL Database.
Azure App Service machines are not part of your domain, so this isn't going to work. This was designed to let domain joined clients connect to SQL.
SQL Username/password is the only option left.
Update: see Chris Post about the new token based features
I'm working with Azure Java API in Eclipse.
In my program, I get the Azure credentials from the user. In this way I can use for example the Blob storage service using the Java API for Azure.
But my problem is when I want to manage the data bases deployed in Azure SQL service. My question is if I can list the data bases that the user have created in his Azure account using the Java API and the Azure credentials.
Is it possible to list out the cloud services for azure storage account with out using certification thumbprint . And also get the deployment ID for particular cloud service?
I have connected storage account(based on account key and account name) using azure storage client library and list out the tables and containers. My question is, displays the cloud services for particular storage account with out using certification.
Note: I saw rest api to list out the storage account and services using subscription id with certification.
I am waiting your response.
Is it possible to list out the cloud services for azure storage
account with out using certification thumbprint . And also get the
deployment ID for particular cloud service?
To achieve this, you would need to use Azure Service Management API and API calls need to be authenticated. Using X509 Certificate is one of them (which you don't want to use). Other way to achieve this would be to use Azure Active Directory. You can read more about it here: http://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_ad however authenticating API requests using Azure AD is more complicated than using a certificate IMHO.