0

I am trying to get the configuration of one of my web apps using the C# .NET SDK. I want to use an Azure AD Application instead of a Management Certificate (which I have previously got working).

I have the following code:

var subscriptionId = "<subscription-guid>";
var appId = "<app-guid>";
var appKey = "<app-key>";
var tenantId = "<tenant-guid>";

var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
ClientCredential clientCredential = new ClientCredential(appId, appKey);
var tokenResponse = context.AcquireTokenAsync("https://management.core.windows.net/", clientCredential).Result;
var accessToken = tokenResponse.AccessToken;

var myWebspace = "<my-webspace>";
var myWebsite = "<my-website>";

var client = new WebSiteManagementClient(new TokenCloudCredentials(subscriptionId, accessToken));
var config = client.WebSites.GetConfigurationAsync(myWebspace, myWebsite).Result;

...but it is throwing the following error on the last line:

Microsoft.WindowAzure.CloudException
ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

What could be wrong? I have created the application and given it the following permissions:

Windows Azure Service Management

Application Permissions: 0

Delegated Permissions: 1

Access Azure Service Management as organization users (preview)

Windows Azure Active Directory

Application Permissions: 0

Delegated Permissions: 1

Sign in and read user profile

Thanks in advance

Chris

ChrisBellew
  • 1,144
  • 2
  • 12
  • 27
  • Please see this thread for possible reasons for the error you're getting: http://stackoverflow.com/questions/35190866/error-making-azure-management-library-api-call-when-authenticating-with-azure-ac – Gaurav Mantri Nov 07 '16 at 09:04

1 Answers1

0

As Gaurav mentioned in another SO thread. We can switch to Azure Resource Manager API. Another important thing is that we also need to create service principal to access resources. We can use azure PowerShell command to do it easily. More detail steps about how to registry a web app in the Azure AD and create service principal please refer to article.

New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $app.ApplicationId.Guid

Microsoft.Azure.Management.WebSites SDK that implement WebApp Resource Management API. It is a pre-release version. The following is my code sample:

 var subscriptionId = "Your subscription Id";
 var appId = "Application Id";
 var appKey = "secret key";
 var tenantId = "tenant id";
 var serviceCreds = ApplicationTokenProvider.LoginSilentAsync(tenantId, appId, appKey).Result;
 var webClient = new WebSiteManagementClient(serviceCreds) { SubscriptionId = subscriptionId };
 var result = webClient.Sites.GetSiteConfigWithHttpMessagesAsync("ResourceGroup Name", "Web App name").Result;

Package file:

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Microsoft.Azure.Management.Websites" version="1.3.2-preview" targetFramework="net452" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.1" targetFramework="net452" />
  <package id="Microsoft.Rest.ClientRuntime" version="2.3.1" targetFramework="net452" />
  <package id="Microsoft.Rest.ClientRuntime.Azure" version="3.1.0" targetFramework="net452" />
  <package id="Microsoft.Rest.ClientRuntime.Azure.Authentication" version="2.2.4.1-preview" targetFramework="net452" />
  <package id="Newtonsoft.Json" version="6.0.8" targetFramework="net452" />
</packages>

Demo test result:

enter image description here

Avalanchis
  • 4,500
  • 3
  • 39
  • 48
Tom Sun - MSFT
  • 24,161
  • 3
  • 30
  • 47