
I've written a tool to set up Azure Web Apps, Databases, Storage accounts etc. It works quite well with general Azure. However, I'd now like to apply the same to Azure China. Now I'm looking for the correct URLs to get a token from the Active Directory to even access the API endpoint.

I'm going off these instructions: https://msdn.microsoft.com/en-us/library/azure/dn722415.aspx These settings for Azure work perfectly:

oAuthAuthorizationEndpoint="https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize?api-version=1.0"
apiEndpoint="https://management.core.windows.net/"

These are the Azure China URLs that I'm using:

oAuthAuthorizationEndpoint="https://login.chinacloudapi.cn/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize?api-version=1.0"
apiEndpoint="https://management.core.chinacloudapi.cn/"

I can now login successfully using TokenCloudCredentials and the above settings.

// Wrap the access token obtained from Active Directory in subscription-scoped credentials.
this.Credentials = new TokenCloudCredentials(config.SubscriptionId, this.AuthenticationResult.AccessToken);
// Point the resource management client at the configured API endpoint.
this.ResourceManagement = new ResourceManagementClient(this.Credentials, new Uri(config.ApiEndpoint));
// List the resource groups (blocks on the async call) and print their names.
var resourceGroups = this.ResourceManagement.ResourceGroups.ListAsync(new ResourceGroupListParameters(), CancellationToken.None).Result.ResourceGroups;
Console.WriteLine("ResourceGroupe: {0}", string.Join(", ", resourceGroups.Select(x => string.Format("{0}", x.Name)).ToArray()));

However, as soon as I try to access an API as shown above, I get the following exception: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

The same exception is thrown by calling this.ResourceManagement.Providers.RegisterAsync("Microsoft.Storage")

Has anyone been able to successfully use the Management API for Azure China? How did you do it?

I'm pretty confident that all my Guids are valid and all the permissions are set correctly, since I compared them to my working Azure counterpart.

(Guids are obviously masked)

Sam7
  • I wrote a blog post (http://wblo.gs/dpL) in 2013 about the difference between Azure worldwide and China. At that time the management API was https://management.core.chinacloudapi.cn. From the code you provided I doubted it might be because you authenticated through worldwide but accessed China Azure, as they are not using the same membership provider (i.e. in worldwide you can log in with your MS ID but you can't for Azure China). In Azure China it's relying on AAD for authentication. Maybe this is the reason I guess. – Shaun Xu May 26 '15 at 00:38
  • Thanks for that hint. I'm now using https://login.chinacloudapi.cn/[...]/oauth2/authorize and the login works successfully. However the API is throwing me a new exception. -> I've updated the question accordingly – Sam7 May 26 '15 at 01:25
  • Do you have a subscription that has access to the China Regions? If not then your calls will not succeed. – Simon W May 26 '15 at 01:52
  • Yes I do. I can access my account through manage.windowsazure.cn and I have taken the subscription id, tenant id & client id from that account. Created the Application on the AD with sufficient permissions etc. – Sam7 May 26 '15 at 02:19
  • I'm not quite sure if the resource management stuff has been deployed in Azure China or not. Normally new features in worldwide would be deployed in China in several months I think. Could you please use some "traditional" management APIs to make sure the authentication and URL work, then try the resource management API? – Shaun Xu May 26 '15 at 08:16
  • I tried ResourceGroups, SQL Database, StorageV2, WebApps, ServiceBus. - they all throw the same error. But I am using the latest libraries. – Sam7 May 26 '15 at 23:21
  • @ShaunXu do you know what the China equivalent of the REST API base url is? The counterpart to management.azure.com – Sam7 May 28 '15 at 02:45
  • I guess it's https://management.core.chinacloudapi.cn – Shaun Xu May 28 '15 at 03:01
  • @Sam7 Have you fixed this in the meantime? I'm having exactly the same issue when calling the Azure China REST API from PowerShell. – Boland Apr 17 '17 at 08:00

0 Answers