Azure Resource manager .Net API fails to get Resource group

3.4k views Asked by At

I am trying to write a standalone program to access Azure Resource group details using Azure resource manager .Net library. As the per the documentation it requires Azure AD authentication and token in every resource manager request. So i created a web app in AD and configured secret key and using it to generate token.

But below code is failing even though I pass this token as bearer in request.

m_resourceClient = new ResourceManagementClient(connection.GetCredentials());
m_resourceClient.HttpClient.DefaultRequestHeaders.Authorization = new     AuthenticationHeaderValue("bearer", connection.GetAccessToken());
***ResourceGroupGetResult resourceGroupList = m_resourceClient.ResourceGroups.Get("PraveenTest")*** ;

Error message:

AuthorizationFailed: The client '5919f7f9-####-####-####-074456eba98c' with object id '5919f7f9-####-####-####-074456eba98c' does not have authorization to perform action 
'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/1f94c869-####-####-####-055e8ae15be3/resourcegroups/TestGroup'.
1

There are 1 answers

6
BenV On BEST ANSWER

Your bearer token is valid, but you also need to grant your application access to the resource group.

You can do this with the following PowerShell command:

New-AzureRmRoleAssignment 
   -ObjectId '5919f7f9-####-####-####-074456eba98c' `
   -ResourceGroupName TestGroup `
   -RoleDefinitionName Reader

If you're using an Azure PowerShell version < 1.0, then the cmdlet is New-AzureRoleAssignment.

I'd recommend Dushyant Gill's blog post on authenticating ARM requests.