0

I'm working on a small application to connect to Microsoft Azure, list all databases belonging to a certain resource group, and export all said databases. I'm using the Microsoft.WindowsAzure.Management.Sql library for this.

Following this guide, I've managed to set up an app registration in AD for my application and assign it the Owner role (for testing), authenticate with Azure and get an access token.

However, when I try to use that token to perform any operations on the database (such as listing all databases, using IServerOperations.List), I get the following exception:

ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

The tenant ID, subscription ID, client ID and client secret are all correct, and changing any of them results in a different exception, already at the authentication stage.

How can I fix this? If the correct answer is "switch to Microsoft.Azure.Management.Sql" I'm perfectly fine with that, but if possible I'd at least like to understand why this is happening.

Charles Xu
  • 29,862
  • 2
  • 22
  • 39
valderman
  • 8,365
  • 4
  • 22
  • 29
  • You need to remove or clear the Azure account first, get authenticated by adding the new Azure Account por the tenant, after that you select a subscription Id. – Alberto Morillo Jul 16 '18 at 12:43

1 Answers1

1

HIf the correct answer is "switch to Microsoft.Azure.Management.Sql" I'm perfectly fine with that, but if possible I'd at least like to understand why this is happening.

Microsoft.WindowsAzure.Management.Sql implements the ASM API(Azure old API).

The reason you're getting this error is because you're trying to authenticate/authorize an Azure Resource Manager (ASM) API with application permission. But Service Management API is a delegated permission and not an application permission.

For more detail information about how to authenticate for ASM and ARM Rest API, please refer to another SO thread.

How can I fix this?

Microsoft.Azure.Management.Sql implements the ARM API. As you mentioned that you could use the Microsoft.Azure.Management.Sql to instand of Microsoft.WindowsAzure.Management.Sql

or you could use X509 Certificate based authorization to authorize your ASM API requests. For more information about how to authenticate using a management certificate, you could refer to this tutorial.

Note: It is recommanded that to use Microsoft.Azure.Management.Sql to instead of Microsoft.WindowsAzure.Management.Sql

Tom Sun - MSFT
  • 24,161
  • 3
  • 30
  • 47
  • Thanks, this was exactly the kind of answer I was looking for! Switching over to the `Microsoft.Azure` API indeed solved the problem, and thanks to this answer we now know why it did. :) – valderman Jul 18 '18 at 07:43