如何在使用Blob触发器触发Azure函数时检索用户信息或标识符

huangapple go评论70阅读模式
英文:

How to retrieve user information or identifier when triggering an Azure Function with Blob Trigger

问题

我们有一个 Azure 函数应用,目前是使用 blob 触发器触发的。最近,出现了一个新的需求,需要获取通过将 blob 上传到指定的 blob 存储容器触发 blob 触发器的用户信息或用户的任何标识符。

我们正在处理的情况涉及两种访问方法:

AAD 身份验证:当用户使用 Azure Active Directory(AAD)身份验证登录并上传一个 blob 时,我们需要捕获他们的用户信息或与他们的帐户关联的任何标识符。
访问密钥:另一方面,如果用户直接使用访问密钥访问 Azure 函数,我们不需要捕获任何用户信息。
我们的目标是在使用 AAD 身份验证时启用对用户特定的 blob 上传进行跟踪和日志记录,但在通过访问密钥访问时不进行记录。

在 Azure Functions 中是否有实现此功能的方法?如果有,我们应该如何实现它?我们愿意使用任何可用的 Azure 服务或自定义解决方案来满足此要求。

感谢您的时间和帮助!

英文:

We have an Azure Function app that is currently triggered using a blob trigger. Recently, a new requirement has come up where we need to obtain the user information or any identifier of the user who triggered the blob trigger by uploading a blob to the designated blob storage container.

The scenario we are dealing with involves two types of access methods:

AAD Authentication: When a user is logged in using Azure Active Directory (AAD) authentication and uploads a blob, we need to capture their user information or any identifier associated with their account.
Access Key: On the other hand, if the user accesses the Azure Function using an access key directly, we do not need to capture any user information.
Our goal is to enable user-specific tracking and logging of blob uploads when AAD authentication is used, but not when accessed via access keys.

Is there any way to achieve this functionality within Azure Functions? If so, how can we implement it? We are open to using any available Azure services or custom solutions to fulfill this requirement.

Thank you for your time and assistance!

答案1

得分: 1

更新:
由于这是特定于应用程序的数据,您可以考虑另一种方法,即将有关用户的元数据存储为 blob 属性,并在将来触发 blob 时,该数据将可用于函数。

这是一种更受控制的方法,允许您实时了解详细信息,而不是等待日志被导出和处理的延迟。


您可以使用诊断设置资源日志导出到日志分析工作区,从而可以查询它们以获取您正在寻找的信息。

关于如何执行这些步骤以及如何获取此信息的详细文档在官方文档中有详细说明。

日志包括一个 AuthenticationType 字段,允许您确定请求是如何进行身份验证的,以及一个 RequesterObjectId 字段,其中包含有关是否使用 Azure AD 进行请求的请求者的信息。

英文:

UPDATE:
Since this is application specific data, another approach that you could consider is to store metadata about the user as blob properties and on future triggers of the blob, that data would be available to the function.

This is a more controlled approach and allows you to know the details in real time compared to the delay in logs being exported and processed.


You can export the resource logs using diagnostic settings into a log analytics workspace allowing you to query them to get the information that you are looking for.

The steps and how you can get this information is documented in detail in the official docs.

The logs include an AuthenticationType field that allows you to identify how the request was authenticated for and a RequesterObjectId field that contains information on who made that request if it were made using Azure AD.

huangapple
  • 本文由 发表于 2023年7月27日 21:28:50
  • 转载请务必保留本文链接:https://go.coder-hub.com/76780255.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定