0

I would like to be able to get information about one of my Azure SQL databases using this call: https://learn.microsoft.com/en-gb/rest/api/sql/manageddatabases/manageddatabases_get

When I use the Try It button and login to my account it works perfectly, however I can't get my C# function app to get an authentication token so it can work in C#. I've spent 3 days on this. I have tried the Keyvault way but haven't managed to set up the permissions correctly. Forgetting Keyvault, the nearest I've got I think is by using this code but I don't know what my app password is:

    // I am using:
    // tenant id is the Azure AD client id
    // client id is the application id of my function app in Azure AD
    public static string GetAccessToken(string tenantId, string clientId, string clientSecret)
    {
        var authContextUrl = "https://login.windows.net/" + tenantId;
        var authenticationContext = new AuthenticationContext(authContextUrl);
        var credential = new ClientCredential(clientId, clientSecret );
        var result = authenticationContext.AcquireTokenAsync(resource: "https://management.azure.com/", clientCredential: credential).Result;

        if (result == null)
        {
            throw new InvalidOperationException("Failed to obtain the JWT token");
        }

        var token = result.AccessToken;
        return token;
    }
Improve this question
2
  • Using your method, you need to create a Service Principle. Then you need to grant the SP the required permissions on your Azure resources: learn.microsoft.com/en-us/azure/azure-resource-manager/… Commented Oct 17, 2018 at 9:55
  • Actually, the tenantId is the Azure AD directoryId. The clientId is the applicationId and the clientSecret is the key which is set in the Azure Ad App registered. You could refer to this article. Commented Oct 29, 2018 at 6:20

2 Answers 2

Reset to default
1

When I use the Try It button and login to my account it works perfectly

When you click the Try it, you use the user credential with username and user_password to authenticate. And the code you provided is using App registered in Azure AD to authenticate, and it would work well with the following steps you have followed.

1.As silent said, you need to create a Service Principle in Azure Active Directory. You could refer to this article.

2.The Sign in value about TenantId, clientId and clientSecret you could refer to this link.

3.Finally, you would access to Azure SQL Database, you need to add permission to you Azure AD App. Click the App you registered in Azure AD before and click Settings, and add Require Permission. After adding API access, Grant Permission. enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for this. I have tried everything you said but I am not getting the option to add permissions for Azure SQL database. Am I missing something? (so my app authhentications but I then get an error when I try to get database information for example).
0

I found an answer that worked for me (after 3 days of trying different things and trying to read articles about it on the web - its not very well documented I don't think).

This link contains some powershell steps:

https://msftstack.wordpress.com/2016/01/03/how-to-call-the-azure-resource-manager-rest-api-from-c/

These are the steps I tried in PowerShell

Login-AzureRmAccount
Get-AzureRmSubscription
Select-AzureRmSubscription –SubscriptionID “id” 
$SecurePassword=ConvertTo-SecureString <my password> –asplaintext –force
$azureAdApplication = New-AzureRmADApplication -DisplayName “my ARM App” -HomePage 
“https://<a home page>” -IdentifierUris “https://<a home page>” -Password $SecurePassword
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId
Get-AzureRmSubscription
$subscription = Get-AzureRmSubscription –SubscriptionId "id"
$creds=get-credential
(enter application id and password at this point)
Login-AzureRmAccount -Credential $creds -ServicePrincipal -Tenant $subscription.TenantId
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.