I am receiving StatusCode: 403, ReasonPhrase: 'Forbidden' for an HTTP Post:
URL: $"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{appName}/functions/{functionName}/listkeys?api-version=2022-03-01";
StatusCode: 403, ReasonPhrase: 'Forbidden'
Client:
The following is my client code:
let tenantId = "<some_tenant_id>"
let clientId = "<some_client_id>"
let secret = "<some_secret>"
let scope = "<some_scope>"
let token = BearerToken.Create(tenantId, clientId, secret, scope).Result
let tokenRequestBody = Dictionary<string, string>()
tokenRequestBody.Add("grant_type" , "client_credentials")
tokenRequestBody.Add("client_id" , clientId)
tokenRequestBody.Add("client_secret", secret)
tokenRequestBody.Add("scope" , scope)
let content = new FormUrlEncodedContent(tokenRequestBody);
let httpKeysClient = new HttpClient();
httpKeysClient.DefaultRequestHeaders.Authorization <- new AuthenticationHeaderValue("Bearer", token);
httpKeysClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
let subscriptionId = "<some_scubscription_id>"
let resourceGroupName = "<some_resource_group_name>"
let appName = "<some_function_app_name>"
let functionName = "<some_function_name>"
let apiKeyUrl = $"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{appName}/functions/{functionName}/listkeys?api-version=2022-03-01";
let response = httpKeysClient.PostAsync(apiKeyUrl, content).Result;
response.IsSuccessStatusCode |> should equal true // ** StatusCode: 403, ReasonPhrase: 'Forbidden' **
Appendix:
The code for creating an authorization token works:
public static class BearerToken
{
public async static Task<string> Create(string tenantId, string clientId, string clientSecret, string scope)
{
var tokenRequestBody = new Dictionary<string, string> {
{ "grant_type" , "client_credentials" },
{ "client_id" , clientId },
{ "client_secret", clientSecret },
{ "scope" , scope }
};
var url = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
var client = new HttpClient() { BaseAddress = new Uri(url) };
var content = new FormUrlEncodedContent(tokenRequestBody);
var response = await client.PostAsync("", content);
if (response.IsSuccessStatusCode)
{
var tokenResponse = await response.Content.ReadAsStringAsync();
var valueFor = JsonConvert.DeserializeObject<JsonSupport.AccessToken.Root>(tokenResponse);
return valueFor.access_token;
}
throw new Exception(response.ReasonPhrase);
}
}