How to authenticate Azure Service Management Requests via AAD

Question

I've tried 3 ways with no result:

According to this article https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx I've registered new web application in AAD with permissions to Access Azure Service Management API (steps 1-9) and written the recommended two lines of code to acquire the token:

    var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
    var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri(redirectUri));

, but it fails with the exception:

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException was unhandled
Message: An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll
Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
Trace ID: aa2d6962-5aea-4f8e-bed4-9e83c7631887
Correlation ID: f7f1a61e-1720-4243-96fa-cff182150931

Also I've tried:

    var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
    var result = context.AcquireToken("https://management.core.windows.net/", new ClientCredential(clientId, clientSecret));

where clientSecret is secret app key of my application. This version returns a token, but requests with this token returns 403 Forbidden:The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

The last, I've found http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/03/02/authenticating-azure-service-management-api-with-azure-ad-user-credentials.aspx, which recommends:

    var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));

    // TODO: Replace with your Azure AD user credentials (i.e. admin@contoso.onmicrosoft.com)
    string user = "{YOUR-USERID]";
    string pwd = "{YOUR-USER-PASSWORD}";
    var userCred = new UserCredential(user, pwd);

    AuthenticationResult result =
    await context.AcquireTokenAsync("https://management.core.windows.net/", clientId, userCred);

but it also fails with the same exception as in the first case...

Could you please assist me?

Changing to native means that you are authenticated on behalf of the user, so you didnt find a solution where its the application thats authenticated to talk with the api? — Poul K. Sørensen, Dec 02 '15 at 10:55

score 7 · Accepted Answer · answered Nov 15 '15 at 12:47

7

You should change the "Application Type" to "NATIVE CLIENT APPLICATION" while creating the application in the Azure portal.

answered Nov 15 '15 at 12:47

kerem

2,639
1
29
37

Thank you @kerem, 1st and 3rd approaches works with "Native Client App"! – Vlad Bilyk Dec 02 '15 at 08:54
4

Is this possible after it has been created? – Manuel Hernandez Jan 10 '17 at 02:23

How to authenticate Azure Service Management Requests via AAD

1 Answers1

Linked