2

I am trying to get the usage and rate card information from Microsoft Azure using a java application and I came to understand that I can use the Management certificate to authenticate for making calls to Microsoft Azure.

I got the Management Certificate from the .publishsettings file I got from here

However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls.

I tried referring to this answer, but I don't see any clients available for usage and rate card and the answer refers to ManagementClient, which isn't the one for my usecase. I referred to this blog as well, which makes a reference to ClientAssertionCertificate , which I don't see in the java library for adal.

NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism, but I wanted to make use of this management certificate mechanism since the users of my application may not trust this application with their credentials and this certificate based mechanism seems more easier to use from a user-point of view.

Community
  • 1
  • 1
jobin
  • 2,600
  • 7
  • 32
  • 59

2 Answers2

1

Simple answer is you can't use a management certificate to consume Billing API. Billing API are essentially part of newer APIs that make use of Azure AD tokens.

Management certificate can only be used for Service Management APIs.

Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
  • Does it mean that there is no way other than getting the user's username & password to get data from the usage & rate card API? – jobin Oct 06 '15 at 06:27
  • That is correct. IMHO, this is the right way to do things. With management certificate approach, essentially the person in possession of the certificate has complete control over your Azure Subscription. With this approach, you get Role-based access control so you can grant granular permission to users on your Azure Subscription. – Gaurav Mantri Oct 06 '15 at 06:42
1

However, in AuthenticationContext, I don't see any method that utilizes this certificate to get the access token required for making usage and rate API calls.

I referred to this blog as well, which makes a reference to ClientAssertionCertificate , which I don't see in the java library for adal.

As Gaurav said, We just only can call Usage & Rate Card API using Azure Active Directory for authentication. You can use AuthenticationContext to acquire the the access_token as following code. You need provide client ID and Client Secret(key).

private AuthenticationResult getAccessTokenFromClientCredentials()
            throws Throwable {
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(authority + tenant + "/", true,
                    service);
            Future<AuthenticationResult> future = context.acquireToken(
                    "https://graph.windows.net", new ClientCredential(clientId,
                            clientSecret), null);
            result = future.get();
        } catch (ExecutionException e) {
            throw e.getCause();
        } finally {
            service.shutdown();
        }

        if (result == null) {
            throw new ServiceUnavailableException(
                    "authentication result was null");
        }
        return result;
    }

NB: I am able to make REST API calls to Azure for getting usage and rate card information using the username, password & client ID based authentication mechanism,.....

It seems that we can't use Management certificate mechanism to call Usage & Rate Card API. Because these calling user or the service principal is a member of the Owner, Contributor or Reader role in the Azure AD tenant for the requested subscription (see this document). I recommend you refer to this document about how to authenticate Azure Resource Management.

Community
  • 1
  • 1
Will Shao - MSFT
  • 1,189
  • 7
  • 14