Azure SqlManagementClient - Forbidden with TokenCloudCredentials
I am trying to connect to my SQL server in Azure and list the DBs from a .NET application, but I keep getting
ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
even though I am trying to use the SQL Management client with TokenCloudCredentials.
```csharp
// Acquire an app-only token with the AD application's client ID and key.
var authContext = new AuthenticationContext(authority);
var clientCredential = new ClientCredential(clientId, appKey);
var result = await authContext.AcquireTokenAsync(resource, clientCredential);

// Pass the bearer token to the SQL management client.
var credentials = new Microsoft.Azure.TokenCloudCredentials(subscriptionId, result.AccessToken);
var client = new SqlManagementClient(credentials);
try
{
    var servers = await client.Servers.ListAsync();
}
catch (CloudException c)
{
    // This is where the ForbiddenError above surfaces.
    Console.WriteLine(c.Message);
    throw;
}
```
The AD application has permissions to access the resource group and the Azure Management API. Any ideas why it keeps complaining about a certificate while using a token?
EDIT: I managed to do it using the "new" fluent management API. You need to create an AD application associated with the subscription and have access to the resource group. Then just create credentials and initialize the fluent API.
```csharp
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace AzureManagement
{
    public class Program
    {
        public static void Main(string[] args)
        {
            // Service principal credentials of the AD application
            // (the string literals here are placeholders).
            var azureCredentials = new AzureCredentials(new ServicePrincipalLoginInformation
            {
                ClientId = "clientId",
                ClientSecret = "clientSecret="
            }, "tenantId", AzureEnvironment.AzureGlobalCloud);

            var _azure = Azure
                .Configure()
                .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                .Authenticate(azureCredentials)
                .WithSubscription("subscriptionId");

            // List every SQL server in the subscription, then the databases on each.
            var sql = _azure.SqlServers.List().ToList();
            foreach (var s in sql)
            {
                var dbs = s.Databases.List().ToList();
            }
            Console.ReadLine();
        }
    }
}
```
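When a management endpoint rejects a bearer token, one local check is to decode the token's claims and confirm which resource, tenant and application it was issued for. The following is an added diagnostic example, not code from the original post or from the Azure SDK; it assumes `System.Text.Json` is available, uses a constructed unsigned token in place of `result.AccessToken`, and the `expectedAudience` value is an assumption standing in for whatever was passed as `resource`.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Diagnostic only: no signature validation, so never use this to authorize anything.
public static class TokenDiagnostics
{
    // Returns the decoded JSON payload (second segment) of a JWT.
    public static JsonElement ReadClaims(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature");
        using var doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
        return doc.RootElement.Clone(); // Clone so the element outlives the document
    }

    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }

    static string Base64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample token with placeholder values, standing in for result.AccessToken.
        long exp = DateTimeOffset.UtcNow.AddMinutes(30).ToUnixTimeSeconds();
        string payload = $"{{\"aud\":\"https://management.core.windows.net/\",\"tid\":\"<tenant-id>\",\"appid\":\"<client-id>\",\"exp\":{exp}}}";
        string token = Base64UrlEncode("{\"alg\":\"none\"}") + "." + Base64UrlEncode(payload) + ".sig";

        // Assumption: the value that was passed as `resource` when acquiring the token.
        string expectedAudience = "https://management.core.windows.net/";

        var claims = ReadClaims(token);
        string aud = claims.GetProperty("aud").GetString();
        var expires = DateTimeOffset.FromUnixTimeSeconds(claims.GetProperty("exp").GetInt64());

        Console.WriteLine($"aud   = {aud} (matches expected: {aud == expectedAudience})");
        Console.WriteLine($"tid   = {claims.GetProperty("tid").GetString()}");
        Console.WriteLine($"appid = {claims.GetProperty("appid").GetString()}");
        Console.WriteLine($"exp   = {expires:u} (expired: {expires <= DateTimeOffset.UtcNow})");
    }
}
```

Azure role assignments are evaluated by the service and do not appear in these claims, so a token that looks correct here can still be refused for lack of a role on the target scope.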
Solution 1:[1]
I am not sure if this is supported. Please create a support case for this problem.
Solution 2:[2]
The code works like this. You have to assign a role - in my use case I assigned the Contributor role to the App registration, on the Resource Group.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | MirekS SQL PM |
| Solution 2 | Gerwald |
