question

JayBorseth-2806 avatar image
1 Vote"
JayBorseth-2806 asked SatishBoddu-MSFT answered

Can Azure Maps use Managed Identities for AD

I'm able to get an Azure Maps access token when running as a developer using:

   private static readonly AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider("RunAs=Developer; DeveloperTool=AzureCli");
   string accessToken = await tokenProvider.GetAccessTokenAsync("https://atlas.microsoft.com/", tenantId);

However, if I attempt to run this same code on Azure without the developer stuff after setting up a managed identity for my app:

   private static readonly AzureServiceTokenProvider tokenProvider = new AzureServiceTokenProvider();

it fails. So my question is: Are Managed Identities supported by Azure Maps? @rbrundritt

This page implies no: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities

This page implies yes: https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.authorization/rbac-managedidentity-maps






azure-maps
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SatishBoddu-MSFT avatar image
1 Vote"
SatishBoddu-MSFT answered

Hello @JayBorseth-2806 , Thanks for posting on this forum! this is really helpful.

If the app is hosted in the Azure environment, it is recommended to use a managed identity.

Host a daemon on Azure resources

To enable the benefits of managed identity components, we recommend that you host on Azure Virtual Machines, Virtual Machine Scale Sets, or App Services.
To enable application access to a managed identity, see Overview of managed identities.

Request a token with managed identity
After a managed identity is configured for the hosting resource, you can use Azure SDK or REST API to acquire a token for Azure Maps. To learn how to acquire an access token, see Acquire an access token.

Get a token using C#

 // Build request to acquire managed identities for Azure resources token
 HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/");
 request.Headers["Metadata"] = "true";
 request.Method = "GET";
    
 try
 {
     // Call /token endpoint
     HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    
     // Pipe response Stream to a StreamReader, and extract access token
     StreamReader streamResponse = new StreamReader(response.GetResponseStream()); 
     string stringResponse = streamResponse.ReadToEnd();
     JavaScriptSerializer j = new JavaScriptSerializer();
     Dictionary<string, string> list = (Dictionary<string, string>) j.Deserialize(stringResponse, typeof(Dictionary<string, string>));
     string accessToken = list["access_token"];
 }
 catch (Exception e)
 {
     string errorText = String.Format("{0} \n\n{1}", e.Message, e.InnerException != null ? e.InnerException.Message : "Acquire token failed");
 }


This page implies no: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities

I am checking this page content why Azure Maps is not listed?, will update you soon.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.