I am trying to connect to the Azure Service Management API, using C#, but the only way the example (https://msdn.microsoft.com/en-gb/library/azure/ee460782.aspx) works is through an interactive authentication method, requiring me to enter my Azure username and password. As we will want to call this method from within a worker role, this won't be possible. Is there a way of doing this?
There are two ways of doing it:
1. Connect to your Azure Subscription using X509 Certificate: Though not recommended based on the direction in which Azure is going, it is an option.
2. Create a user in Azure AD just for executing Service Management API: In this approach what you will do is create a user in your Azure AD. Then you will assign this user a Co-Admin role in your Azure Subscription (both of them should be done through old Azure Portal). Once you do that, you would need to get the token by specifying the username/password in your code. Something like below:
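using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL: AuthenticationContext, UserCredential
var authContext = new AuthenticationContext("https://login.microsoftonline.com/{tenantid}");
// Non-interactive: the Azure AD user's credentials are supplied from code instead of a prompt.
UserCredential userCredential = new UserCredential(userName, password);
AuthenticationResult authResult = authContext.AcquireToken("https://management.core.windows.net/", clientId, userCredential);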
However, please keep in mind a few things:
Graph API directly you can achieve these.
If possible, please see if using Azure Resource Manager (ARM) API is an option for you for managing your subscription instead of Service Management API. With Role-based access control (RBAC) in ARM API, you can simply create a Service Principal type user and grant them only the permissions they need. No need to make them a co-admin on your subscription.
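Added example, not part of the original answer: a sketch of the Service Principal route against the ARM API, using the same ADAL library with the client-credentials flow, so no user password is stored and the principal holds only the RBAC role assigned to it. The environment variable names, the class and helper names, and the `api-version` value are assumptions for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL NuGet package

static class ArmServicePrincipalExample
{
    // Resource URI for Azure Resource Manager tokens.
    const string ArmResource = "https://management.azure.com/";

    static async Task<string> GetArmTokenAsync(string tenantId, string clientId, string clientSecret)
    {
        var authContext = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId);
        // Client-credentials flow: the service principal authenticates as itself,
        // so there is no interactive prompt and no user name/password in code.
        var credential = new ClientCredential(clientId, clientSecret);
        AuthenticationResult result = await authContext.AcquireTokenAsync(ArmResource, credential);
        return result.AccessToken;
    }

    static async Task Main()
    {
        // Assumed setting names. Keep the secret out of source control and
        // load it from protected configuration in the worker role.
        string tenantId = Require("AZURE_TENANT_ID");
        string clientId = Require("AZURE_CLIENT_ID");
        string clientSecret = Require("AZURE_CLIENT_SECRET");
        string subscriptionId = Require("AZURE_SUBSCRIPTION_ID");

        string token = await GetArmTokenAsync(tenantId, clientId, clientSecret);
        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
            // api-version is an assumption; use the one documented for the resource type.
            string url = ArmResource + "subscriptions/" + subscriptionId + "/resourcegroups?api-version=2016-09-01";
            HttpResponseMessage response = await http.GetAsync(url);
            // A 403 here means the principal has no role assignment at this scope.
            Console.WriteLine((int)response.StatusCode);
            Console.WriteLine(await response.Content.ReadAsStringAsync());
        }
    }

    // Fails fast when a required setting is missing instead of sending empty credentials.
    static string Require(string name)
    {
        return Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException("Missing setting: " + name);
    }
}
```

Assigning the principal a narrow built-in role such as Reader at resource-group scope, rather than at subscription scope, limits what a leaked secret can reach.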