azureazure-machine-learning-serviceazuremlsdk

How to authenticate within Azure ML pipeline and avoid browser interactive authentication?


I have created a very simple azure ml pipeline. Basically, it accesses data through an api and prints it. I have tried using a ClientSecretCredential and a ServicePrincipalAuthentication but the pipeline still asks me for a web browser authentication to continue (even though the script runs when I just run the python file in the terminal)

    from azureml.core.compute import ComputeTarget, AmlCompute
    import azureml.core
    from azureml.core import Workspace, Datastore
    from azure.identity import ClientSecretCredential
    from azureml.core.authentication import ServicePrincipalAuthentication
    
    
    ws = Workspace.from_config()
    
    keyvault = ws.get_default_keyvault()
    
    client_id = keyvault.get_secret("ClientID")
    tenant_id = keyvault.get_secret("TENANTID")
    secret_id = keyvault.get_secret("CLIENTSECRET")
    
    sp = ClientSecretCredential(tenant_id = tenant_id, client_id = client_id, client_secret = secret_id)

#  sp = ServicePrincipalAuthentication(tenant_id, client_id, secret_id)

This is the output from the pipeline:

2022-07-06 06:08:21,496|azureml._vendor.azure_cli_core._session|INFO|Failed to load or parse file /root/.azureml/auth/azureProfile.json. It will be overridden by default settings. 2022-07-06 06:08:21,496|azureml._vendor.azure_cli_core._session|INFO|Failed to load or parse file /root/.azureml/auth/az.json. It will be overridden by default settings. 2022-07-06 06:08:21,496|azureml._vendor.azure_cli_core._session|INFO|Failed to load or parse file /root/.azureml/auth/az.sess. It will be overridden by default settings. 2022-07-06 06:08:21,498|azureml._vendor.azure_cli_core|DEBUG|Current cloud config: AzureCloud 2022-07-06 06:08:21,501|azureml._vendor.azure_cli_core|DEBUG|Current cloud config: AzureCloud 2022-07-06 06:08:21,527|azureml._vendor.azure_cli_core._profile|INFO|No web browser is available. Fall back to device code. 2022-07-06 06:08:21,628|azureml._vendor.azure_cli_core.auth.identity|WARNING|To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXXXX to authenticate. 2022-07-06 06:08:49,950|azureml.core.authentication|DEBUG|Time to expire 1814345.049124 seconds

What can I do for it to pick up the credential in the code and avoid asking for interactive authentication?


Solution

  • By default, authentication procedure is UI Based (Browser interactive based). To avoid that kind of authentication, we need to look over either one of the following:

    The above 4 alternative procedures which can avoid the browser interactive based authentication.

    There are different classes for authentication as mentioned in Classes

    To know more about different methods in authentication follow the repo