I have set up a Log Analytics workspace to fetch logs from Azure AD B2C. To do that, I followed this Microsoft tutorial.
Everything works fine: logs are getting to the workspace, and from the Logs section I can query with no issues.
The problem occurs when I try to query those logs from my API using the Azure Monitor Query client library for .NET. I have the following code:
    using Azure.Identity;
    using Azure.Monitor.Query;

    string clientId = "X";     // Obtained from the B2C tenant (App registration)
    string clientSecret = "X"; // Obtained from the B2C tenant (App registration)
    string tenantId = "X";     // Obtained from the B2C tenant (App registration)
    var credentials = new ClientSecretCredential(tenantId, clientId, clientSecret);
    var client = new LogsQueryClient(credentials);
    var response = await client.QueryWorkspaceAsync(
        "MY_WORKSPACE_ID", // Obtained from the tenant where I have the Log Analytics workspace
        "AuditLogs",
        new QueryTimeRange(TimeSpan.FromDays(1)));
The error I am getting is the following:
Valid authentication was not provided Status: 401 (Unauthorized) ErrorCode: AuthorizationRequiredError Content: {"error":{"message":"Valid authentication was not provided","code":"AuthorizationRequiredError","correlationId":"X","innererror": {"code":"AuthorizationRequiredError","message":"Register resource provider 'Microsoft.Insights' for this subscription to enable this query"}}}
I have checked that Microsoft.Insights is registered in the subscription used by the Log Analytics workspace.
Any clue what the issue can be? Or is there a different way I should use to authenticate?
Note that to query Azure AD B2C logs from a Log Analytics workspace, you have to grant the Log Analytics API Data.Read API permission; this API permission is not present in the AD B2C tenant.
In the Azure AD B2C app, only Microsoft Graph API permissions are supported, not other permissions which are linked to a subscription.
And assign Log Analytics Reader to the application:
And make use of the C# code below to access Log Analytics logs.
As a sample, I used this sample code to access the logs:
    using System;
    using System.Net.Http;
    using System.Threading.Tasks;
    using Azure.Core;
    using Azure.Identity;

    class Program
    {
        static async Task Main()
        {
            string tenantId = "TenantID";
            string clientId = "ClientID";
            string clientSecret = "ClientSecret";
            string workspaceId = "WorkspaceID";

            // Client-credentials flow: request an app-only token for the Log Analytics API
            var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
            var token = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://westus2.api.loganalytics.io/.default" }));

            using (var httpClient = new HttpClient())
            {
                // Send the access token as a bearer token on every request
                httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {token.Token}");

                // Query endpoint of the Log Analytics REST API for this workspace
                var apiUrl = $"https://api.loganalytics.io/v1/workspaces/{workspaceId}/query?";
                var response = await httpClient.GetAsync(apiUrl);

                if (response.IsSuccessStatusCode)
                {
                    var result = await response.Content.ReadAsStringAsync();
                    Console.WriteLine(result);
                }
                else
                {
                    Console.WriteLine($"Error: {response.StatusCode} - {response.ReasonPhrase}");
                }
            }
        }
    }
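
The same query through the Azure Monitor Query client library used in the question, as an added example that is not code from either post. It assumes the app registration lives in the tenant that owns the workspace's subscription and holds the Log Analytics Reader role, as the answer describes; the environment variable names (LA_TENANT_ID and so on) and the projected columns are chosen here for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Monitor.Query;
using Azure.Monitor.Query.Models;

class QueryB2CAuditLogs
{
    // Environment variable names are assumptions made for this example;
    // reading them keeps the client secret out of source code.
    static string Env(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");

    static async Task<int> Main()
    {
        // Tenant and app registration of the subscription that holds the workspace,
        // not the B2C tenant (which only offers Microsoft Graph permissions).
        var credential = new ClientSecretCredential(
            Env("LA_TENANT_ID"), Env("LA_CLIENT_ID"), Env("LA_CLIENT_SECRET"));
        var client = new LogsQueryClient(credential);

        try
        {
            Response<LogsQueryResult> response = await client.QueryWorkspaceAsync(
                Env("LA_WORKSPACE_ID"),
                "AuditLogs | project TimeGenerated, OperationName | take 20",
                new QueryTimeRange(TimeSpan.FromDays(1)));

            foreach (LogsTableRow row in response.Value.Table.Rows)
                Console.WriteLine($"{row.GetDateTimeOffset("TimeGenerated"):u}  {row.GetString("OperationName")}");
            return 0;
        }
        catch (AuthenticationFailedException ex)
        {
            // No token was issued: wrong tenant ID, client ID or client secret.
            Console.Error.WriteLine($"Token request failed: {ex.Message}");
        }
        catch (RequestFailedException ex) when (ex.Status == 401 || ex.Status == 403)
        {
            // A token was issued but the workspace rejected it: check which tenant
            // issued it and whether the app has a role on this workspace.
            Console.Error.WriteLine($"Workspace refused the call ({ex.Status} {ex.ErrorCode})");
        }
        return 1;
    }
}
```

Separating the two catch blocks shows whether a failure comes from the identity provider or from the workspace's authorization check, which is the distinction the 401 in the question turns on.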