2

I received this error:

Unhandled Exception: Microsoft.Rest.Azure.CloudException: The client 'XXX' with object id 'XXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/YYY/resourcegroups/FluentRG' or the scope is invalid. If access was recently granted, please refresh your credentials.

I have logged in my Azure Account into VS Code, and I have granted permission to my email address as a contributor in my current subscription. Still, this exception is seen.

    using System;
    using Microsoft.Azure.Management.Compute.Fluent;
    using Microsoft.Azure.Management.Compute.Fluent.Models;
    using Microsoft.Azure.Management.Fluent;

    namespace RESTApp
    {
        class Program
        {
            static void Main(string[] args)
            {
                var azure = Azure.Authenticate("Azure-authentication.txt").WithDefaultSubscription();
                Console.WriteLine("Creating a new VM...");

                var windowsVM = azure.VirtualMachines.Define("VMCreatedWithFluent")
                    .WithRegion("West Europe")
                    .WithNewResourceGroup("FluentRG")
                    .WithNewPrimaryNetwork("10.0.0.0/28")
                    .WithPrimaryPrivateIPAddressDynamic()
                    .WithNewPrimaryPublicIPAddress("fluentdns")
              .WithPopularWindowsImage(KnownWindowsVirtualMachineImage.WindowsServer2012Datacenter)
                    .WithAdminUsername("serverAdmin")
                    .WithAdminPassword("mySuperSecurePassword18")
                    .WithSize(VirtualMachineSizeTypes.StandardDS3V2)
                    .Create();

                Console.WriteLine("Successfully created a new VM: {0}!", windowsVM.Id);
                Console.WriteLine("Press any key to exit...");
                Console.ReadLine();
    }
}

}

Improve this question
3
  • Have you confirmed that client ID 'XXX' is an Azure AD principal associated with your email address (and not, for example, an application service principal)? You can confirm this a number of ways, but the easiest may be the Azure Portal and finding your user in Azure AD. If it is you, confirm there are no Policies or Locks on the resource group which may be denying your action. Commented May 10, 2021 at 18:03
  • Could my reply solve your issue? Commented May 11, 2021 at 8:23
  • Thanks for answering, Joy! Your reply helped to resolve the issue. Commented May 14, 2021 at 9:23

1 Answer 1

Reset to default
2

I found the blog that you suppose to refer to(as the code is the same as yours and also uses Azure-authentication.txt to auth).

In this blog, it uses the service principal credentials in Azure-authentication.txt to auth, not your logged user account, to solve the issue, you need to assign an RBAC role to your service principal, just follow the step Setting up a Service Principal in the blog.

You can also do it in the portal, if you follow this blog exactly, the service principal is named FluentAPIApp, just navigate to the subscription in the portal -> Access control (IAM) -> search for its name and assign a Contributor to it like below.

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.