I'm trying to access metrics data in my localhost (http://localhost:8100) Ionic webapp of my resources using the Active Directory App Registration.
My administrator created a new app registration for my localhost app to make it possible to request a new Bearer access token.
After receiving the access token I would like to let the application use this access token to request metrics data.
One of the URLs my webapp uses to call metrics (HTTP GET request) is:
"https://management.azure.com/subscriptions/{subscription_id}/resourceGroups/{resourcegroup_name}/providers/Microsoft.Compute/virtualMachines/{VirtualMachine_name}/providers/microsoft.insights/metrics?api-version=2018-01-01&metricnames=Percentage%20CPU&timespan=2018-10-16T03:00:00Z/2018-10-17T03:00:00Z"
with headers:
Authorization: {Bearer access_token},
Content-Type: 'application/json'
Unfortunately, after sending this GET request it returns the error "AuthorizationFailed" (HTTP error code 403) with message:
"The client '{client id}' with object id '{same as client id}' does not have authorization to perform action 'microsoft.Insights/metrics/read' over scope '/subscriptions/{subscription_id}/resourceGroups/{resourcegroup_name}/providers/Microsoft.Compute/virtualMachines/{VirtualMachine_name}/providers/microsoft.Insights'."
What is going wrong here?
I solved the issue since I noticed that the registered app in Active Directory has no granted roles.
I granted a role to this application by navigating to the subscription window and then to the Access control (IAM) tab. In this tab, I added the application which was declared in Active Directory Application Registrations and granted the role Reader.
Since I saved the settings, the AuthorizationFailed error hasn't occurred anymore.
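The 403 above is an RBAC decision: the token was valid, but no role assignment for the app's service principal covered `microsoft.Insights/metrics/read` at the VM's scope. As an added example (not part of the original post), this simplified JavaScript model parses the error message and evaluates it against role assignments; the GUIDs, resource names and helper functions are constructed for illustration, and deny assignments, group membership and conditions are ignored.

```javascript
// Added example: simplified model of the Azure RBAC check behind "AuthorizationFailed".
// All IDs and resource names below are constructed placeholders.
const SUB = '/subscriptions/00000000-0000-0000-0000-000000000000';
const SAMPLE_MESSAGE =
  "The client '11111111-1111-1111-1111-111111111111' with object id " +
  "'11111111-1111-1111-1111-111111111111' does not have authorization to perform " +
  "action 'microsoft.Insights/metrics/read' over scope '" + SUB +
  "/resourceGroups/demo-rg/providers/Microsoft.Compute/virtualMachines/demo-vm" +
  "/providers/microsoft.Insights'.";

// Extract who was denied, which action, and at which scope.
function parseAuthorizationFailed(message) {
  const m = /client '([^']*)' with object id '([^']*)' does not have authorization to perform action '([^']*)' over scope '([^']*)'/.exec(message);
  return m ? { clientId: m[1], objectId: m[2], action: m[3], scope: m[4] } : null;
}

// Role action patterns use '*' as a wildcard and are compared case-insensitively.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp('^' + escaped + '$', 'i').test(action);
}

// An assignment covers its own scope and every child scope beneath it.
function scopeCovers(assignmentScope, requestScope) {
  const a = assignmentScope.replace(/\/+$/, '').toLowerCase();
  const r = requestScope.replace(/\/+$/, '').toLowerCase();
  return r === a || r.startsWith(a + '/');
}

function isAllowed(assignments, req) {
  return assignments.some(x =>
    x.principalId === req.objectId &&
    scopeCovers(x.scope, req.scope) &&
    x.actions.some(p => actionMatches(p, req.action)) &&
    !(x.notActions || []).some(p => actionMatches(p, req.action)));
}

// The built-in Reader role grants '*/read' with no NotActions.
function readerAt(scope, principalId) {
  return { principalId, scope, actions: ['*/read'], notActions: [] };
}

const req = parseAuthorizationFailed(SAMPLE_MESSAGE);
console.log('no assignment:          ', isAllowed([], req));
console.log('Reader on subscription: ', isAllowed([readerAt(SUB, req.objectId)], req));
console.log('Reader on demo-rg only: ', isAllowed([readerAt(SUB + '/resourceGroups/demo-rg', req.objectId)], req));
console.log('Reader on other-rg:     ', isAllowed([readerAt(SUB + '/resourceGroups/other-rg', req.objectId)], req));
```

In this model a Reader assignment on the resource group alone also satisfies the request, so a subscription-wide grant is broader than this one metrics call requires.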