0

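I am looking to create an Azure Managed Application, and I want a service to be able to consume the notifications that are sent to the "Notification Endpoint" HTTPS webhook. Currently, the documentation provides the following two steps for securing the webhook endpoint and authenticating requests from Azure.

  1. Provide a query parameter on top of the webhook URI, like this: https://your-endpoint.com?sig=Guid. With each notification, check that the query parameter sig has the expected value Guid.
  2. Issue a GET on the managed application instance by using applicationId. Validate that the provisioningState matches the provisioningState of the notification to ensure consistency.

My questions relate to these two steps.

First, how do I set the expected value Guid? Do I just make up an arbitrary new GUID that I should keep secret somewhere?

Second, how do I grant permission for my service to perform the GET operation on the managed application instance? Is there a way I can grant a role to a principal ID to the managed application instance itself during deployment? I know I can grant authorization to the managed resource group, but how can I grant a role to the managed application instance?

Thank you.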

4

1 Answer

0

Provide a query parameter on top of the webhook URI, like this: https://your-endpoint.com?sig=Guid. With each notification, check that the query parameter sig has the expected value Guid.

• Create a GUID with PowerShell using the command below:

• Register the GUID in the partner center.

• Add the GUID to the Resource Manager template.

Reference: https://docs.microsoft.com/en-us/azure/marketplace/azure-partner-customer-usage-attribution

Second, how do I grant permission for my service to perform the GET operation on the managed application instance? Is there a way I can grant a role to a principal ID to the managed application instance itself during deployment? I know I can grant authorization to the managed resource group, but how can I grant a role to the managed application instance?

If you register your managed application in Azure AD, then no additional permissions are required. You will be performing the GET operation in the same way as the POST operation.

Reference: https://docs.microsoft.com/en-us/azure/marketplace/azure-app-apis

answered 2021-08-23T13:38:21.563
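The two checks quoted from the documentation, sketched as a receiver-side validator. This is an added example, not part of the question, the answer or Microsoft's code. `EXPECTED_SIG`, `SAMPLE_APP_ID`, `fake_get_application` and the `properties.provisioningState` location in the GET response are assumptions; the real GET would be an authenticated request on `applicationId`, injected here as a callable.

```python
import hmac
import json
from urllib.parse import parse_qs, urlsplit

# Constructed placeholder; in practice a random GUID read from a secret store.
EXPECTED_SIG = "00000000-0000-4000-8000-000000000000"
# Constructed sample resource ID in the shape of an applicationId.
SAMPLE_APP_ID = ("/subscriptions/<subId>/resourceGroups/<rgName>"
                 "/providers/Microsoft.Solutions/applications/<applicationName>")


def sig_is_valid(request_url, expected_sig):
    """Step 1: the sig query parameter must appear exactly once and match."""
    values = parse_qs(urlsplit(request_url).query).get("sig", [])
    if len(values) != 1:
        return False  # missing, empty or repeated parameter
    # Constant-time comparison so the secret is not leaked through timing.
    return hmac.compare_digest(values[0].encode(), expected_sig.encode())


def verify_notification(request_url, body, expected_sig, get_application):
    """Return (ok, reason). get_application is a hypothetical callable that
    performs the GET on applicationId and returns the parsed JSON resource."""
    if not sig_is_valid(request_url, expected_sig):
        return False, "bad sig"
    try:
        note = json.loads(body)
        app_id, claimed = note["applicationId"], note["provisioningState"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed body"
    # Step 2: the state on the resource must match the state in the notification.
    resource = get_application(app_id)
    actual = resource.get("properties", {}).get("provisioningState")
    if actual != claimed:
        return False, "state mismatch"
    return True, "ok"


def fake_get_application(app_id):
    """Constructed stand-in for the real GET response (assumed shape)."""
    return {"id": app_id, "properties": {"provisioningState": "Succeeded"}}
```

Reject the request with a non-2xx status whenever the first element of the result is `False`, and avoid logging the full request URL, since it carries the `sig` value.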