Azure - Programmatically Create Storage Account

Question

I have tried the following code to create a new storage account in Azure:

Getting the token (success - I received a token):

var cc = new ClientCredential("clientId", "clientSecret");
var context = new AuthenticationContext("https://login.windows.net/subscription");
var result = context.AcquireTokenAsync("https://management.azure.com/", cc);

Create cloud storage credentials:

var credential = new TokenCloudCredentials("subscription", token);

Create the cloud storage account (fails):

using (var storageClient = new StorageManagementClient(credentials))
{
    await storageClient.StorageAccounts.CreateAsync(new StorageAccountCreateParameters
    {
        Label = "samplestorageaccount",
        Location = LocationNames.NorthEurope,
        Name = "myteststorage",
        AccountType = "RA-GRS"
    });
}

Error:

ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

I am not sure if this is one of those misleading messages or if I misconfigured something in Azure?

Answer 1

As far as I know, Azure provides two types of storage management library now.

Microsoft.Azure.Management.Storage
Microsoft.WindowsAzure.Management.Storage

Microsoft.Azure.Management.Storage is used to create new ARM storage.

Microsoft.WindowsAzure.Management.Storage is used to create classic ARM storage.

I guess you want to create the new arm storage but you used the "Microsoft.WindowsAzure.Management.Storage" library. Since the "Microsoft.WindowsAzure.Management.Storage" uses the certificate to auth requests, you will get the error. If you want to know how to use "Microsoft.WindowsAzure.Management.Storage" to create classic storage, I suggest you refer to this article.

I assume you want to create new ARM storage, I suggest you install the "Microsoft.Azure.Management.Storage" Nuget package.

More details, you could refer to the following code.

    static void Main(string[] args)
    {
        var subscriptionId = "your subscriptionId";
        var clientId = "your client id";
        var tenantId = "your tenantid";
        var secretKey = "secretKey";
        StorageManagementClient StorageManagement = new StorageManagementClient(new Microsoft.Azure.TokenCloudCredentials(subscriptionId, GetAccessToken(tenantId, clientId, secretKey)));
       
        var re= StorageManagement.StorageAccounts.CreateAsync("groupname", "sotrage name",new Microsoft.Azure.Management.Storage.Models.StorageAccountCreateParameters() {
              Location = LocationNames.NorthEurope,
             AccountType = Microsoft.Azure.Management.Storage.Models.AccountType.PremiumLRS
        },new CancellationToken() { }).Result;

        Console.ReadKey();
    }

    static string GetAccessToken(string tenantId, string clientId, string secretKey)
    {
        var authenticationContext = new AuthenticationContext($"https://login.windows.net/{tenantId}");
        var credential = new ClientCredential(clientId, secretKey);
        var result = authenticationContext.AcquireTokenAsync("https://management.core.windows.net/",
            credential);

        if (result == null)
        {
            throw new InvalidOperationException("Failed to obtain the JWT token");
        }

        var token = result.Result.AccessToken;
        return token;
    }