问题
The goal is to develop an Azure function which should do some changes in Azure DevOps (like update work items, wiki pages etc), being triggered by Azure pipeline service hook. Can I use function system identity in this case? And how can I give permissions for this identity to call DevOps REST APIs?
回答1:
I'm not sure if this is the best way but you can create PAT token. Since you will use it for Azure Function I woudl recommend to use Azure KeyVault to store that token.
Here you have the example how you can use it to fetch projects from Azure DevOps:
public static async void GetProjects()
{
try
{
var personalaccesstoken = "PAT_FROM_WEBSITE";
using (HttpClient client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Add(
new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
Convert.ToBase64String(
System.Text.ASCIIEncoding.ASCII.GetBytes(
string.Format("{0}:{1}", "", personalaccesstoken))));
using (HttpResponseMessage response = await client.GetAsync(
"https://dev.azure.com/{organization}/_apis/projects"))
{
response.EnsureSuccessStatusCode();
string responseBody = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseBody);
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
Here you have documentation for updating work items. I tested that with Postman, but I was able to edit work item using PAT.
来源:https://stackoverflow.com/questions/61238303/what-is-the-right-way-to-authenticate-azure-function-against-azure-devops-rest-a