How to enable authentication for an ACI webservice in Azure Machine Learning service?

Question

I am able to deploy a Azure Machine learning prediction service in my workspace ws using the syntax

aciconfig = AciWebservice.deploy_configuration(cpu_cores=1, 
                                               memory_gb=8, 
                                               tags={"method" : "some method"}, 
                                               description='Predict something')

and then

service = Webservice.deploy_from_image(deployment_config = aciconfig,
                                       image = image,
                                       name = service_name,
                                       workspace = ws)

as described in the documentation.
However, this exposes a service publicly and this is not really optimal.

What's the easiest way to shield the ACI service? I understand that passing an auth_enabled=True parameter may do the job, but then how can I instruct a client (say, using curl or Postman) to use the service afterwards?

silent · Accepted Answer · 2019-04-25T09:06:44.093

2

See here for an example (in C#). When you enable auth, you will need to send the API key in the "Authorization" header in the HTTP request:

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authKey);

See here how to retrieve the key.

edited Apr 25 '19 at 09:06

answered Apr 25 '19 at 08:49

silent

14,494
4
46
86

If we have multiple users and/or applications that will consume the API, we shouldn't expose the same primary API key to them all. How to do this? – Martin Thøgersen May 20 '19 at 07:52
1

You could for instance put Azure API Management in front. https://learn.microsoft.com/en-us/azure/api-management/ – silent May 20 '19 at 07:57
Yes, I already looked at Azure API Management, but it was unclear where to pass the primary token. Can you elaborate a bit? Appreciate it. – Martin Thøgersen May 20 '19 at 08:01
1

See here how to add a HTTP header: https://learn.microsoft.com/en-us/azure/api-management/api-management-transformation-policies#SetHTTPheader So you would do user authorization in API management and then have API mgmt inject the same primary key for all requests to you ML backend service – silent May 20 '19 at 08:05

Davide Fiocco · Answer 2 · 2019-10-09T21:36:34.793

0

First, retrieve the primary and secondary keys with a (Python) syntax like

service.get_keys()

If you are using curl, the syntax may look like this:

curl -H "Content-Type:application/json" -H "Authorization: Bearer <authKey>" -X POST -d '{"data": [some data]}' http://<url>:<port>/<method>

where <authKey> is one of the keys retrieved above.

edited Oct 09 '19 at 21:36

answered Apr 27 '19 at 03:47

Davide Fiocco

5,350
5
35
72

How to enable authentication for an ACI webservice in Azure Machine Learning service?

2 Answers2