
I would like to create an MVC application where users can be authorized with their Azure subscription, and after that my application can manage their resources hosted in Microsoft Azure (VMs, Web Sites, etc.).

I created an application with the help of this tutorial.

I can create cloud storages, VMs, etc., so it seems to work fine.

After that I tried to log in with a different Azure account. I can get the Subscription, but I can't manage the resources of that user, I always get an exception:

Additional information: AuthenticationFailed: A security token exception occured for the received JWT token.

It seems that with this technique I can manage only my resources.

My question is: how can I do the following with every other user? Can I do this with this method, or do I have to do it another way?

Gábor Domonkos
  • How different is this question from your other question - http://stackoverflow.com/questions/26019352/authenticate-users-and-manage-their-resources-in-microsoft-azure? – Gaurav Mantri Sep 26 '14 at 14:14
  • You are saying that my users have to set up an AD as I did in this example? It's so complicated, isn't it? In this scenario they have to provide the tenant id, app id, etc., and after that they have to log in. I think there has to be an easier way to solve this problem. – Gábor Domonkos Sep 26 '14 at 14:36
  • I think I misunderstood your question. I thought you logged into a different subscription altogether, but if I understand correctly you basically logged into the same subscription but with a different user id. Am I correct? – Gaurav Mantri Sep 26 '14 at 14:38
  • Maybe I couldn't explain my problem perfectly. Just imagine that I can give you a solution which can create a web site inside your Azure subscription. You are not inside my subscription. You log in, select your Azure subscription, and inside that subscription my app creates, for example, a Cloud Service. – Gábor Domonkos Sep 26 '14 at 14:53
  • Check this out: http://msdn.microsoft.com/en-US/library/azure/dn132599.aspx#BKMK_MultiT, it talks about Configuring Multi-Tenant Applications. – liuhongbo Sep 29 '14 at 01:38

1 Answer


The application you are creating is allowed to access your resources, and not the resources of other subscriptions. If you want to manage other subscriptions you would need to have one application defined as in the tutorial for every subscription you want to manage.

AFAIK, there is no API to create an application in AAD, therefore your scenario would require users to manually create these applications, which seems to me a dealbreaker.

vainolo