I am trying to write a standalone program to access Azure Resource group details using Azure resource manager .Net library. As the per the documentation it requires Azure AD authentication and token in every resource manager request. So i created a web app in AD and configured secret key and using it to generate token.
But below code is failing even though I pass this token as bearer in request.
m_resourceClient = new ResourceManagementClient(connection.GetCredentials());
m_resourceClient.HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", connection.GetAccessToken());
***ResourceGroupGetResult resourceGroupList = m_resourceClient.ResourceGroups.Get("PraveenTest")*** ;
Error message:
AuthorizationFailed: The client '5919f7f9-####-####-####-074456eba98c' with object id '5919f7f9-####-####-####-074456eba98c' does not have authorization to perform action
'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/1f94c869-####-####-####-055e8ae15be3/resourcegroups/TestGroup'.
Your bearer token is valid, but you also need to grant your application access to the resource group.
You can do this with the following PowerShell command:
If you're using an Azure PowerShell version < 1.0, then the cmdlet is
New-AzureRoleAssignment.I'd recommend Dushyant Gill's blog post on authenticating ARM requests.