python - Azure 分析休息 API : 401 Unauthorized. "Authentication failed."

Question

我正在尝试按照此 azure 文档进行数据分区刷新(发布):https://learn.microsoft.com/en-us/azure/analysis-services/analysis-services-async-refresh

无论是通过 post 还是 get，我都收到 401 Unauthorized(即使服务已关闭!)。

我从 azure AD (ServicePrincipalCredential) 获取了 token 。 我将 AD 添加为 Analysis Services 管理员 ( https://learn.microsoft.com/en-us/azure/analysis-services/analysis-services-server-admins ) 我在 Analysis Services IAM 中向 AD 授予了所有者角色。

它与 Analysis Services 管理 REST API ( https://learn.microsoft.com/en-us/rest/api/analysisservices/operations/list ) 一起使用，具有相同的身份验证(获得代码响应 200)

我的Python代码:

from azure.common.credentials import ServicePrincipalCredentials
import requests

credentials = ServicePrincipalCredentials(client_id="ad_client_id",
                                          secret="ad_secret",
                                          tenant="ad_tenant")
token = credentials.token

url = "https://westeurope.asazure.windows.net/servers/{my_server}/models/{my_model}/refreshes"

test_refresh = {
            "Type": "Full",
            "CommitMode": "transactional",
            "MaxParallelism": 1,
            "RetryCount": 1,
            "Objects": [
                {
                    "table": "my_table",
                    "partition": "my_partition"
                }
            ]
        }

header={'Content-Type':'application/json', 'Authorization': "Bearer {}".format(token['access_token'])}

r = requests.post(url=url, headers=header, data=test_refresh)

import json
print(json.dumps(r.json(), indent=" "))

我得到的回复:

{
 "code": "Unauthorized",
 "subCode": 0,
 "message": "Authentication failed.",
 "timeStamp": "2019-05-22T13:39:03.0322998Z",
 "httpStatusCode": 401,
 "details": [
  {
   "code": "RootActivityId",
   "message": "aab22348-9ba7-42c9-a317-fbc231832f75"
  }
 ]
}

我很绝望，你能给我一些帮助来澄清这一点吗？

Answer 1

终于解决了这个问题。 我的 token 有误。该 API 需要 OAuth2.0 身份验证 token (Azure 分析服务 REST API 文档不太清楚如何获取该 token )

对于那些遇到同样问题的人，有一种方法可以解决这个问题。

from adal import AuthenticationContext

authority = "https://login.windows.net/{AD_tenant_ID}"
auth_context = AuthenticationContext(authority)
oauth_token = auth_context.acquire_token_with_client_credentials(resource="https://westeurope.asazure.windows.net", client_id=AD_client_id, client_secret=AD_client_id)
token = oauth_token['accessToken']

关于此的文档: https://learn.microsoft.com/en-us/python/api/adal/adal.authentication_context.authenticationcontext?view=azure-python#acquire-token-with-client-credentials-resource--client-id--client-secret-

https://github.com/AzureAD/azure-activedirectory-library-for-python/wiki/ADAL-basics