Search code examples
.netazurepermissionsazure-batch

Microsoft Azure Batch Service Account Create from .NET

I was looking into creating a Microsoft Azure Batch Account from the .NET SDK. I was successful in authentication but I just came across this error:

Microsoft.Rest.Azure.CloudException: The client 'xxxxxxxxxxxxxxxxxxxxxxxxxx' with object id 'xxxxxxxxxxxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Batch/batchAccounts/write' over scope '/subscriptions/344cb101-b565-453f-83f3-87e9a13c4ddb/resourceGroups/bswbatch5RG/providers/Microsoft.Batch/batchAccounts/bbbbbbbbbtest'

Solution

  • According to your metioned exception, I assume that you don't assign right permissions to application, more details we could refer to the Assign application to role.

    enter image description here

    I also create a demo, it works correctly on my side. The following is my demo code.

        static string appId = "application name";
    static string secretKey = "scretkey";
    static string tenantId = "tenant id";
    private static readonly string _subscriptionId = "subscription Id";

    static void Main(string[] args)
    {
        var resourceGroupName = "resource Group name";
        var accountName = "batch account name";
        var location = "eastus2";// location
        var accessToken = GetAccessToken(tenantId, appId, secretKey).Result;
        BatchManagementClient batchManagementClient =
            new BatchManagementClient(new TokenCredentials(accessToken)) {SubscriptionId = _subscriptionId};
        var batchAccount = batchManagementClient.BatchAccount.Create(resourceGroupName, accountName, new BatchAccountCreateParameters() { Location = location });


    }
    public static async Task<string> GetAccessToken(string azureTenantId, string azureAppId, string azureSecretKey)
    {

        var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
        ClientCredential clientCredential = new ClientCredential(appId, secretKey);
        var tokenResponse = await context.AcquireTokenAsync("https://management.azure.com/", clientCredential);
        var accessToken = tokenResponse.AccessToken;
        return accessToken;
    }

    enter image description here

    Packages.config

    <?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Microsoft.Azure.Management.Batch" version="3.0.0" targetFramework="net461" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.28.3" targetFramework="net461" />
  <package id="Microsoft.Rest.ClientRuntime" version="2.3.8" targetFramework="net461" />
  <package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.8" targetFramework="net461" />
  <package id="Microsoft.Rest.ClientRuntime.Azure.Authentication" version="2.3.0" targetFramework="net461" />
  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net461" />
</packages>