Geek Answers Handbook

Azure Billing Usage API returns 401 Unauthorized

I use the Azure REST API to get billing and tariff card usage information. To purchase a token using the AcquireToken () method, initially I used only the client ID, which then asks for the user credentials in the login window.

However, I am looking for a non-interactive approach , so I used Client Credentials, in which I transmitted the client identifier and the client’s secret key.

But it gives "Remote server returns error 401" Unauthorized "

When I am deeply mistaken, I find that it gives the error "The access token is the wrong audience or resource"

Please give me some solution with which I can access the API without any user interaction.

Thanks at Advance.

Here is my code:

{ string token = GetOAuthTokenFromAAD(); string requestURL = String.Format("{0}/{1}/{2}/{3}", ConfigurationManager.AppSettings["ARMBillingServiceURL"], "subscriptions", ConfigurationManager.AppSettings["SubscriptionID"], "providers/Microsoft.Commerce/RateCard?api-version=2015-06-01-preview&$filter=OfferDurableId eq 'MS-AZR-*****' and Currency eq 'INR' and Locale eq 'en-IN' and RegionInfo eq 'IN'"); HttpWebRequest request = (HttpWebRequest)WebRequest.Create(requestURL); request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + token); request.ContentType = "application/json"; HttpWebResponse response = (HttpWebResponse)request.GetResponse(); Console.WriteLine(String.Format("RateCard service response status: {0}", response.StatusDescription)); } public static string GetOAuthTokenFromAAD() { AuthenticationContext authenticationContext = new AuthenticationContext(string.Format("{0}/{1}",ConfigurationManager.AppSettings["ADALServiceURL"], ConfigurationManager.AppSettings["TenantDomain"])); AuthenticationResult result = null; ClientCredential uc = new ClientCredential(Client_Id, Secret_Key); try { result = authenticationContext.AcquireToken("https://management.core.windows.net/", uc); } return result.AccessToken; } //App Config File <add key="ADALServiceURL" value="https://login.microsoftonline.com" /> <add key="ADALRedirectURL" value="http://*****-authentication.cloudapp.net" /> <add key="ARMBillingServiceURL" value="https://management.core.windows.net" /> <add key="TenantDomain" value="********.onmicrosoft.com" /> <add key="SubscriptionID" value="*******-****-****-****-********" /> <add key="ClientId" value="*******-****-****-****-********" />
+6
source share
1 answer

Update. I also provided these methods as a class library of the secondary reuse library . You can find the same at this link: Azure Authentication - Authenticate any Azure API request in your application

Method 1: To use the password-based approach non-interactively, you first need to complete the following section “Password Authentication - PowerShell”: Service Principal Authentication with ARM

Then use the code snippet below to extract the token.

 var authenticationContext = new AuthenticationContext(String.Format("{0}/{1}", ConfigurationManager.AppSettings["ADALServiceURL"], ConfigurationManager.AppSettings["TenantDomain"])); var credential = new ClientCredential(clientId: "11a11111-11a1-111a-a111-1afeda2bca1a", clientSecret: "passwordhere"); var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential); if (result == null) { throw new InvalidOperationException("Failed to obtain the JWT token"); } string token = result.AccessToken; return token;

Alternatively (method 2) you can also use the certificate method. In this case, use the same link as above, but follow the "Certificate Authentication - PowerShell" section of this link. Then use the code snippet below to extract the token non-interactively:

  var subscriptionId = "1a11aa11-5c9b-4c94-b875-b7b55af5d316"; string tenant = "1a11111a-5713-4b00-a1c3-88da50be3ace"; string clientId = "aa11a111-1050-4892-a2d8-4747441be14d"; var authContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenant)); X509Certificate2 cert = null; X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); string certName = "MyCert01"; try { store.Open(OpenFlags.ReadOnly); var certCollection = store.Certificates; var certs = certCollection.Find(X509FindType.FindBySubjectName, certName, false); //var certs = certCollection.Find(X509FindType.FindBySerialNumber, "E144928868B609D35F72", false); if (certs == null || certs.Count <= 0) { throw new Exception("Certificate " + certName + " not found."); } cert = certs[0]; } finally { store.Close(); } var certCred = new ClientAssertionCertificate(clientId, cert); var token = authContext.AcquireToken("https://management.core.windows.net/", certCred); var creds = new TokenCloudCredentials(subscriptionId, token.AccessToken); //var client = new ResourceManagementClient(creds); return token.AccessToken;
+1
source

More articles:


All Articles