AAD and LocalAuthentication should not be mutually exclusive. #2795
Comments
|
Where do you see a bearer token being included in the /track request? I'm debugging a 401 with that, getting it when I disable local auth, despite calling |
|
I've opened an issue about this: #2893. |
Im using wireshark to inspect the call from a .net console app. |
|
Ah OK, so you're not doing JavaScript client-side tracking. That makes sense, not sure why I thought that. Thanks! |
Currently if SetAzureTokenCredential is called, then TelemetryClient will include a bearer token when calling AI /v2.1/track endpoint, and even if local authentication is still enabled the endpoint will return 403 unless Metrics publisher role is granted.
This makes it harder to migrate existing apps to AAD because switching from local auth to AAD requires a code change/deployment using SetAzureTokenCredential on top of adding the roles in Azure.
Ideally something similar to Microsoft.Data.SqlClient where we can specify authentication method in the Connectionstring like this and avoid code change that would be great.
InstrumentationKey=xxxxxx-xxxx-xxx-xxx-xxxxxxx;IngestionEndpoint=https://xxxxxxxx.in.applicationinsights.azure.com/;LiveEndpoint=https://xxxxxx.livediagnostics.monitor.azure.com/;**Authentication=Active Directory Default**;Alternatively if we can make local authentication work despite calling SetAzureTokenCredential.
The text was updated successfully, but these errors were encountered: