0

How can I resolve an unauthorized error when using Azure Management API?

Note: I would prefer to resolve this programmatically (in code) instead of running commands/scripts.

Objective:

I need to retrieve function names from a Function App in Azure.

Example:

  var current        = Pulumi.Azure.Core.GetClientConfig.InvokeAsync().Result;
  var subscriptionId = current.SubscriptionId;
  var appName        = functionApp.Name;

  var url = $"GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{appName}/functions?api-version=2022-03-01";

  var httpClient = new HttpClient();
  var result     = await httpClient.GetAsync(url);

  if (!result.IsSuccessStatusCode) throw new Exception($"Error: Failed to retrive Azure function names from {appName}");

  var json = result.Content.ReadAsStringAsync();

Thoughts:

I think I need to create a bearer token but do not know the steps required.

Improve this question
1

1 Answer 1

Reset to default
2

I tried to reproduce the same in my environment via Postman and got same error as below:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{appName}/functions?api-version=2022-03-01

enter image description here

To resolve the error, you need to generate bearer token for the service principal and include it in headers section with Authorization parameter.

I registered one Azure AD application in my tenant like this: Go to Azure Portal -> Azure Active Directory -> App registrations -> New registration

enter image description here

Now, create one client secret in that application and copy its value like below:

enter image description here

Make sure to assign proper role based on your requirement. I assigned Reader role to the above service principal under my subscription like below:

Go to Azure Portal -> Subscriptions -> Your Subscription -> Access control (IAM) -> Add role assignment

enter image description here

In my function app, I created one HTTP function named SriHTTP like below:

enter image description here

Now, I generated access token via Postman with below parameters:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token

grant_type:client_credentials
client_id: <appID>
client_secret: <secret_value>
scope: https://management.azure.com/.default

Response:

enter image description here

I got the results successfully when I used the above token to call management API like below:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{appName}/functions?api-version=2022-03-01
Authorization: Bearer <token>

Response:

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Thanks for the detailed answer. I receive a gran_type error when attempting to post using PostMan. What authorization type do I use in PostMan on the Authorization tab?
Are you getting that grant_type error while acquiring token? Can you include the snip of Postman once to know what exactly the issue is?
{ "error": "invalid_request", "error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: some_guid\r\nCorrelation ID: some_guid\r\nTimestamp: 2022-12-28 12:00:17Z", "error_codes": [ 900144 ],
I assign the value "client_credentials" to grant_type.
If you are passing the parameters under Params or any, instead of Body section, you may get error like this.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.