过去的几天我一直在努力从Azure Log Analytics查询自定义日志。我一直在遵循Microsoft从https://dev.int.loganalytics.io/documentation/1-Tutorials/Direct-API提供的教程,但我一直得到403。我向我的Azure应用程序授予了工作空间上的所有权限 这是我用来尝试查询ALA工作区的简单应用程序代码
static async Task Main(string[] args)
{
String tenantId = "??????????????????????????????????";
String applicationId = "??????????????????????????????????";";
String applictionSecretKey = "??????????????????????????????????";;
String token;
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
Dictionary<String, String> requestData = new Dictionary<String, String>();
requestData.Add("grant_type", "client_credentials");
requestData.Add("client_id", applicationId);
requestData.Add("client_secret", applictionSecretKey);
requestData.Add("resource", "https://api.loganalytics.io/");
FormUrlEncodedContent requestBody = new FormUrlEncodedContent(requestData);
var request = await client.PostAsync($"https://login.microsoftonline.com/{tenantId}/oauth2/token", requestBody);
var response = await request.Content.ReadAsStringAsync();
token = JsonConvert.DeserializeObject<dynamic>(response).access_token;
}
String workspaceId = "??????????????????????????????????";;
String query = JsonConvert.SerializeObject(new
{
query = "ApplicationLog_CL | take 10",
timespan = "PT12H"
});
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var postContent = new StringContent(query, Encoding.UTF8, "application/json");
var response = await client.PostAsync($"https://api.loganalytics.io/v1/workspaces/{workspaceId}/query", postContent);
HttpContent responseContent = response.Content;
var content = await response.Content.ReadAsStringAsync();
Console.WriteLine(content);
}
Console.ReadKey();
}
我不断收到ALA API的403响应。知道我在这里缺少什么吗?
答案 0 :(得分:0)
根据您提供的tutorial,我在自己的网站上进行了测试,效果很好。
以下是一些您可以进行故障排除的方法。
1。当您在add role
中Access control
时,可以像教程一样添加名称为AIDemoApp
的AAD注册应用。
2。将new MediaTypeWithQualityHeaderValue("application/json")
更改为new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded")
。
3。在AAD中已注册的应用程序中添加权限后,单击Grant Permission
。