Azure data factory web activity with MSI authentication - azure-web-app-service

We are using Azure data factory to copy data from on-premise to Azure. We have implemented multiple activities to complete the data copy. Until now, we have been using basic authentication for the web activity to call web API methods.
As per the latest monitoring UI, it also supports MSI authentication. We have tried to use it but had no luck. We also tried to search for related information but did not find anything about data factory web activity and MSI authentication.
How can we achieve this authentication for Web Activity?
Regards,
Shrikant

How can we achieve this authentication for Web Activity?
If you use the Azure function/WebApp MSI, you need to configure the resource.
https://management.azure.com/
For other resources, you could refer to this document.
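A check for the migration discussed above (Web activities moving from Basic to MSI with a `resource`), run over exported pipeline JSON. This is an added example, not part of the original posts: the sample pipeline, activity names and URLs are constructed, and the `authentication` block layout assumed is the one used in ADF Web activity JSON definitions.

```python
import json

# Constructed sample: an exported ADF pipeline with three Web activities.
SAMPLE_PIPELINE = json.loads("""
{"name": "CopyOnPremToAzure", "properties": {"activities": [
  {"name": "NotifyStart", "type": "WebActivity", "typeProperties": {
     "method": "POST", "url": "https://example-api.azurewebsites.net/api/start",
     "authentication": {"type": "Basic", "username": "svc-adf", "password": "REDACTED"}}},
  {"name": "NotifyEnd", "type": "WebActivity", "typeProperties": {
     "method": "POST", "url": "https://example-api.azurewebsites.net/api/end",
     "authentication": {"type": "MSI"}}},
  {"name": "ListSubscriptions", "type": "WebActivity", "typeProperties": {
     "method": "GET", "url": "https://management.azure.com/subscriptions?api-version=2020-01-01",
     "authentication": {"type": "MSI", "resource": "https://management.azure.com/"}}}
]}}
""")

def iter_activities(activities):
    """Yield every activity, descending into ForEach/Until/IfCondition containers."""
    for act in activities:
        yield act
        props = act.get("typeProperties", {})
        for key in ("activities", "ifTrueActivities", "ifFalseActivities"):
            yield from iter_activities(props.get(key, []))

def audit_web_activities(pipeline):
    """Return (activity name, issue) pairs for Web activities that need attention."""
    findings = []
    for act in iter_activities(pipeline.get("properties", {}).get("activities", [])):
        if act.get("type") != "WebActivity":
            continue
        auth = act.get("typeProperties", {}).get("authentication")
        if auth is None:
            findings.append((act["name"], "no authentication block"))
        elif auth.get("type") == "Basic":
            pw = auth.get("password")
            in_vault = isinstance(pw, dict) and pw.get("type") == "AzureKeyVaultSecret"
            how = "Key Vault reference" if in_vault else "inline secret"
            findings.append((act["name"], f"Basic authentication ({how})"))
        elif auth.get("type") == "MSI" and not auth.get("resource"):
            findings.append((act["name"], "MSI authentication without a resource"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_web_activities(SAMPLE_PIPELINE):
        print(f"{name}: {issue}")
```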

Related

Is it possible to authenticate with a Service Principal to Azure DevOps Analytics Views?

I am having difficulties accessing a DevOps Analytics view through ADF. I am currently able to fetch data using an OData linked service and a personal access token (PAT), but this is not an option for me as it is tied to a user. Is it possible to do this through a Service Principal?

Can the Graph API be a substitute for the Azure Portal?

This is more of an 'Is this possible' question. A developer on the team suggested using Azure AD for user management, but one of the requirements is that the app admin be able to add/manage user access through the application without having to go to the Azure Portal.
So the question is, is the Graph API (or some other mechanism) full featured enough to replace the portal (at least for basic user set up and management) and allow all actions to be done from the application UI?
Thanks.
Simple answer to your question is Yes. Graph API can be used to manage users and their access to applications instead of using Azure Portal. In fact, Azure Portal itself makes use of Graph API to perform these operations.
You may also need to use Azure REST API if you're planning on managing Azure resources as well through this custom application especially Authorization APIs if you want to manage access to Azure resources (Azure Role-based access control) through your application.

Is there a way to differentiate Azure activity logs generated by "Microsoft" services versus users and roles in Azure Cloud?

If I look at the Azure activity logs in Azure Portal, some of the logs are initiated by Microsoft internal services like "Microsoft Azure Policy Insights". In my application we are getting the Azure activity logs using the REST API for Activity logs. Is there a way to filter out internally generated logs (initiated by Microsoft services) from the ones generated by actual users or applications configured in the account? I thought of using caller as a way to differentiate. For users, caller has an email address assigned. But the problem with this approach is that it will filter out any logs for applications as well. Let me know if there is any other way to achieve this.
Unfortunately I don't believe there is a way to achieve this scenario.

How to copy files from SharePoint into blob storage with Azure Data Factory v2 using an OData linked service

Can anyone help me understand the procedure for copying an Excel file from SharePoint to Azure Blob storage through Azure Data Factory pipelines? I am struggling while creating the OData linked service. What is the service URL in an OData linked service?
I am using the REST APIs provided in the link here as a service URL: https://xxxxx.sharepoint.com/sites/xxx/_api/web/
authentication type: basic
When I test the connection it outputs a weird error: here
I have tried the following articles so far.
https://learn.microsoft.com/en-us/azure/data-factory/connector-odata
https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/working-with-folders-and-files-with-rest
Note: when I try these REST API URLs from a browser they work fine; I can download files and so on.
Is there any other way of achieving this goal?
SharePoint Online is supported by the OData linked service through the AAD SPN with Cert authentication type.
A cert used by the OData connector can be created and configured by following the article below, which will guide you to connect the cert to an AAD app for invoking SPO Online with an app-only access token.
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

How can I allow other users to deploy to my Azure cloud services?

I created an empty Azure cloud service and I want to allow other developers to deploy to it. So far the only route I can see is adding the developers as Azure subscription administrators. I would rather give them more specific access to the cloud services only.
No such functionality exists today which will allow you to grant/revoke permissions at the cloud service level. Once a developer is provided access to the subscription, they would have access to all the resources under that subscription.
There's a REST API behind cloud service deployments and all the tools (including Windows Azure Portal and Visual Studio) consume this API for creating deployments. One possible solution would be to build your own solution consuming this API. In this solution you will implement access control based on your requirements so that when your users use this service, they will only see the cloud service they're assigned to and can only manage that cloud service. There's a managed library for consuming this API. You can find more information here: http://www.bradygaster.com/post/getting-started-with-the-windows-azure-management-libraries.
It seems that if the original developer downloads the publish profile from Azure (it's an XML file with a .PublishSettings extension), you can copy the userPWD from that file, give it to another developer and they can paste it into the password field in the Connection section of the Publish dialog.
The userPWD is a string that looks something like this:
EFFCLfDqDKHlXcA2YDZPvX4BZXWFaobxaLN0aPJd4HCfa8WxlqEkt2yywBsx
