azureazure-text-translation

Disable local auth for Azure Translator


I am required to disable local auth for the Azure Cognitive services including the Translator resource and migrate to using TokenCredential.

There is 0 mention in the docs of how to use TokenCredential with a translator resource even though TextTranslationClient can be constructed with an instance of TokenCredential. As expected using DefaultAzureCredential results in 401.

Disabling local authentication breaks the old setup that was getting a token by calling https://api.cognitive.microsoft.com/sts/v1.0/issueToken with a primary key.


Solution

  • Disable local authentication for Azure Translator.

    According to MS-Document,

    If you disable local authentication (key authentication), you should use the Microsoft entra ID authentication only that means resource should be created with custom subdomain.

    To authenticate with Microsoft entra ID, I followed the above document and created a resource with a custom domain using the command below.

    Command:

    az cognitiveservices account create -n sampletext901 -g xxxx --kind TextTranslation --sku S1 -l global --custom-domain "venkat123" 
    

    After creation, the Endpoint should show the subdomain name unique to your resource.

    Output with Endpoints:

    "endpoint": "https://api.cognitive.microsofttranslator.com/",
        "endpoints": {
          "Container": "https://venkat123.cognitiveservices.azure.com/",
          "DocumentTranslation": "https://venkat123.cognitiveservices.azure.com/",
          "TextTranslation": "https://venkat123.cognitiveservices.azure.com/",
          "TextTranslation-Global": "https://api.cognitive.microsofttranslator.com/",
          "Token": "https://venkat123.cognitiveservices.azure.com/"
        },
    

    Now, you need to create an app registration and assign the Cognitive Services User by referring to the above document.

    In my environment, I disabled local authentication and checked with the command below.

    Command and output:

    PS /home/venkat> Get-AzCognitiveServicesAccount -ResourceGroupName venkatesan-rg -name sampletext901  
    
    ResourceGroupName             : venkatesan-rg
    AccountName                   : sampletext901
    Id                            : /subscriptions/xxxx/resourceGroups/venkatesan-rg/providers/Microsoft.CognitiveServices/accounts/sampletext901
    Endpoint                      : https://api.cognitive.microsofttranslator.com/
    Location                      : global
    Sku                           : Microsoft.Azure.Management.CognitiveServices.Models.Sku
    AccountType                   : TextTranslation
    ResourceType                  : Microsoft.CognitiveServices/accounts
    Etag                          : "2500xx-0000-0700-0000-66594c060000"
    ProvisioningState             : Succeeded
    CustomSubDomainName           : venkat123
    PublicNetworkAccess           : Enabled
    Identity                      : 
    Encryption                    : 
    UserOwnedStorage              : 
    PrivateEndpointConnections    : {}
    ApiProperties                 : 
    Properties                    : Microsoft.Azure.Management.CognitiveServices.Models.AccountProperties
    RestrictOutboundNetworkAccess : 
    AllowedFqdnList               : 
    DisableLocalAuth              : True
    NetworkRuleSet                : 
    Capabilities                  : {CustomerManagedKey}
    

    Output: enter image description here

    You can use the code below to TextTranslationClient with Microsoft Entra ID using .Net by following this MS-Document.

    Code:

    using Azure;
    using Azure.AI.Translation.Text;
    using Azure.Identity;
    
    
    string endpoint = "https://venkat123.cognitiveservices.azure.com/";
    string tenantId = "xxxxx";
    string clientId = "xxxx";
    string clientSecret = "xxxx";
    
    ClientSecretCredential credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
    
    TextTranslationClient client = new TextTranslationClient(credential, new Uri(endpoint));
    
    try
    {
        string targetLanguage = "cs";
        string inputText = "This is a test.";
    
        Response<IReadOnlyList<TranslatedTextItem>> response = client.Translate(targetLanguage, inputText);
        IReadOnlyList<TranslatedTextItem> translations = response.Value;
        TranslatedTextItem translation = translations.FirstOrDefault();
    
        Console.WriteLine($"Detected languages of the input text: {translation?.DetectedLanguage?.Language} with score: {translation?.DetectedLanguage?.Confidence}.");
        Console.WriteLine($"Text was translated to: '{translation?.Translations?.FirstOrDefault().TargetLanguage}' and the result is: '{translation?.Translations?.FirstOrDefault()?.Text}'.");
    }
    catch (RequestFailedException exception)
    {
        Console.WriteLine($"Error Code: {exception.ErrorCode}");
        Console.WriteLine($"Message: {exception.Message}");
    }
    

    Output:

    Detected languages of the input text: en with score: 1.
    Text was translated to: 'cs' and the result is: 'Tohle je test.'.
    

    enter image description here