azureazure-text-translation

Disable local auth for Azure Translator

I am required to disable local auth for the Azure Cognitive services including the Translator resource and migrate to using TokenCredential.

There is 0 mention in the docs of how to use TokenCredential with a translator resource even though TextTranslationClient can be constructed with an instance of TokenCredential. As expected using DefaultAzureCredential results in 401.

Disabling local authentication breaks the old setup that was getting a token by calling https://api.cognitive.microsoft.com/sts/v1.0/issueToken with a primary key.

Solution

  • Disable local authentication for Azure Translator.

    According to MS-Document,

    If you disable local authentication (key authentication), you should use the Microsoft entra ID authentication only that means resource should be created with custom subdomain.

    To authenticate with Microsoft entra ID, I followed the above document and created a resource with a custom domain using the command below.

    Command:

    az cognitiveservices account create -n sampletext901 -g xxxx --kind TextTranslation --sku S1 -l global --custom-domain "venkat123"

    After creation, the Endpoint should show the subdomain name unique to your resource.

    Output with Endpoints:

    "endpoint": "https://api.cognitive.microsofttranslator.com/",
    "endpoints": {
      "Container": "https://venkat123.cognitiveservices.azure.com/",
      "DocumentTranslation": "https://venkat123.cognitiveservices.azure.com/",
      "TextTranslation": "https://venkat123.cognitiveservices.azure.com/",
      "TextTranslation-Global": "https://api.cognitive.microsofttranslator.com/",
      "Token": "https://venkat123.cognitiveservices.azure.com/"
    },

    Now, you need to create an app registration and assign the Cognitive Services User by referring to the above document.

    In my environment, I disabled local authentication and checked with the command below.

    Command and output:

    PS /home/venkat> Get-AzCognitiveServicesAccount -ResourceGroupName venkatesan-rg -name sampletext901  

ResourceGroupName             : venkatesan-rg
AccountName                   : sampletext901
Id                            : /subscriptions/xxxx/resourceGroups/venkatesan-rg/providers/Microsoft.CognitiveServices/accounts/sampletext901
Endpoint                      : https://api.cognitive.microsofttranslator.com/
Location                      : global
Sku                           : Microsoft.Azure.Management.CognitiveServices.Models.Sku
AccountType                   : TextTranslation
ResourceType                  : Microsoft.CognitiveServices/accounts
Etag                          : "2500xx-0000-0700-0000-66594c060000"
ProvisioningState             : Succeeded
CustomSubDomainName           : venkat123
PublicNetworkAccess           : Enabled
Identity                      : 
Encryption                    : 
UserOwnedStorage              : 
PrivateEndpointConnections    : {}
ApiProperties                 : 
Properties                    : Microsoft.Azure.Management.CognitiveServices.Models.AccountProperties
RestrictOutboundNetworkAccess : 
AllowedFqdnList               : 
DisableLocalAuth              : True
NetworkRuleSet                : 
Capabilities                  : {CustomerManagedKey}

    Output: enter image description here

    You can use the code below to TextTranslationClient with Microsoft Entra ID using .Net by following this MS-Document.

    Code:

    using Azure;
using Azure.AI.Translation.Text;
using Azure.Identity;


string endpoint = "https://venkat123.cognitiveservices.azure.com/";
string tenantId = "xxxxx";
string clientId = "xxxx";
string clientSecret = "xxxx";

ClientSecretCredential credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

TextTranslationClient client = new TextTranslationClient(credential, new Uri(endpoint));

try
{
    string targetLanguage = "cs";
    string inputText = "This is a test.";

    Response<IReadOnlyList<TranslatedTextItem>> response = client.Translate(targetLanguage, inputText);
    IReadOnlyList<TranslatedTextItem> translations = response.Value;
    TranslatedTextItem translation = translations.FirstOrDefault();

    Console.WriteLine($"Detected languages of the input text: {translation?.DetectedLanguage?.Language} with score: {translation?.DetectedLanguage?.Confidence}.");
    Console.WriteLine($"Text was translated to: '{translation?.Translations?.FirstOrDefault().TargetLanguage}' and the result is: '{translation?.Translations?.FirstOrDefault()?.Text}'.");
}
catch (RequestFailedException exception)
{
    Console.WriteLine($"Error Code: {exception.ErrorCode}");
    Console.WriteLine($"Message: {exception.Message}");
}

    Output:

    Detected languages of the input text: en with score: 1.
Text was translated to: 'cs' and the result is: 'Tohle je test.'.

    enter image description here