azure-signalr
azure-signalr copied to clipboard
Azure
Big number of requests made to SignalR Service using Managed Identities
Describe the bug
We are observing a big number of authentication (token generation) requests made to SignalR Service with Managed Identities.
Our services are hosted with Kubernetes, and we are using the mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.0 image for one of our containers to associate pod identities.
Lately we noticed a huge number of requests made by our aad-pod-identity container for https://signalr.azure.com which we believe are authentication/token-generation requests.
by a huge number I mean 8309 requests during a little less than 4 hours.
Example for some of the logs:
2022-07-12T20:00:00Z I0712 20:00:05.116504 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.116508 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.116623 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.116697 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.116752 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.138968 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.164610 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.171979 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.171978 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.175762 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.239293 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:05.351882 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:07.291576 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:07.298987 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:07.338822 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:07.351186 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
2022-07-12T20:00:00Z I0712 20:00:07.355384 1 standard.go:179] matched identityType:0 clientid:5f79##### REDACTED #####f26a resource:https://signalr.azure.com
We are struggling to understand what may be causing this big number of requests, and whether this is a bug or is behaving as intended.
A bit more our system and architecture- We have about 6 services (different containers) connected to the same Azure SignalR Service, and each service is connected to the same SignalR Hub and handle new user connections the same way by adding users to the same groups.
Further technical details
- Your Azure SignalR SDK version -
1.18.1 - Your Server ASPNETCORE version or Assembly version of
Microsoft.AspNetCore.SignalR-6.0.6
@MoaidHathot Could you share your resourceId with us so we could check the server log to see what happened at that time?
Hi @terencefan, is it safe to post here the ArmResourceId of the services? We have two SignalR Services, one primary and one secondary. I can send you the Ids privately as well via Teams.