Using the Azure management APIs to access a storage account I use TokenCloudCredentials for authentication. This works fine for storage accounts under Resource Management but not for Classic storage accounts.
When trying to execute any method on a classic storage account client using TokenCloudCredentials I received this error message:
ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and associated with this subscription.
Now for the code. Working method for Azure Resource Manager:

    var clientId = "{clientID}";
    var tenant = "{tenant GUID}";
    var pw = "{password}";

    // Acquire an Azure AD token for the management endpoint using the app's client credentials.
    var authenticationContext = new AuthenticationContext("https://login.windows.net/" + tenant);
    var credential = new ClientCredential(clientId, pw);
    Task<AuthenticationResult> tskGetToken = authenticationContext.AcquireTokenAsync("https://management.core.windows.net/", credential);
    AuthenticationResult token = tskGetToken.Result;

    // Wrap the bearer token and call the Resource Manager storage client.
    SubscriptionCloudCredentials creds = new TokenCloudCredentials("{subscription id}", token.AccessToken);
    StorageManagementClient smc = new StorageManagementClient(creds);
    Task<StorageAccountListKeysResponse> tskTargetKeysSource = smc.StorageAccounts.ListKeysAsync("{resource group}", "{storage account name}");

    // Poll until the task completes, rethrowing if it faulted.
    while (tskTargetKeysSource.Status != TaskStatus.RanToCompletion)
    {
        if (tskTargetKeysSource.Exception != null)
            throw tskTargetKeysSource.Exception;
        Console.WriteLine("Running - Getting target storage account Storage Key");
        Thread.Sleep(2500);
    }

This works and I receive the storage keys back.
Broken method for Azure Classic Storage:

    var clientId = "{clientID}";
    var tenant = "{tenant GUID}";
    var pw = "{password}";

    // Same token acquisition as in the Resource Manager case.
    var authenticationContext = new AuthenticationContext("https://login.windows.net/" + tenant);
    var credential = new ClientCredential(clientId, pw);
    Task<AuthenticationResult> tskGetToken = authenticationContext.AcquireTokenAsync("https://management.core.windows.net/", credential);
    AuthenticationResult token = tskGetToken.Result;

    // Same token credentials, but passed to the classic (Service Management) storage client.
    SubscriptionCloudCredentials creds = new TokenCloudCredentials("{subscription id}", token.AccessToken);
    Microsoft.WindowsAzure.Management.Storage.StorageManagementClient classicSmc = new Microsoft.WindowsAzure.Management.Storage.StorageManagementClient(creds);
    Task<StorageAccountGetKeysResponse> tskSourceKeysSource = classicSmc.StorageAccounts.GetKeysAsync("{storage account name}", new CancellationToken());

    // Poll until the task completes, rethrowing if it faulted.
    while (tskSourceKeysSource.Status != TaskStatus.RanToCompletion)
    {
        if (tskSourceKeysSource.Exception != null)
            throw tskSourceKeysSource.Exception; // Exception thrown here
        Console.WriteLine("Running - Getting source storage account Storage Key");
        Thread.Sleep(2500);
    }

I am not sure what the difference is. The application that I am writing has proper permission in Azure Active Directory and it has permissions on the appropriate resources (storage accounts, resource groups etc.). These operations are using the same subscription as well.