Azure管理API中的身份验证问题

Question

我正在开发一个应用程序，它将使用Azure管理API来显示有关虚拟机的详细信息，启动和停止虚拟机等。

我能够对用户进行身份验证，但是一旦我尝试获取有关它所显示的虚拟机的信息，

用户无权执行Microsoft.Compute/virtualMachines/read

但我是我的azure帐户的管理员，它有owner+reader权限。我可以使用powershell做同样的事情，但不是通过应用程序。

我将此链接提交给开发人员：

https://azure.microsoft.com/en-in/documentation/articles/virtual-machines-windows-csharp-manage/

我的示例代码如下：

    static void Main(string[] args)
    {
        var groupName = "XYZ";
        var vmName = "DC1";
        var location = "Southeast Asia";
        var subscriptionId = "My Subscription ID";

        var token = GetAccessTokenAsync();
        var credential = new TokenCredentials(token.Result.AccessToken);

        GetVirtualMachineAsync(  credential,  groupName,  vmName,  subscriptionId);
    }

    private static async Task<AuthenticationResult> GetAccessTokenAsync()
    {
    var cc = new ClientCredential("{client-id}", "{client-secret}");
      var context = new AuthenticationContext("https://login.windows.net/{tenant-id}");
      var result = await context.AcquireTokenAsync("https://management.azure.com/", cc);
      if (result == null)
      {
        throw new InvalidOperationException("Could not get the token");
      }
      return result;
    }
    public static async void GetVirtualMachineAsync(  TokenCredentials credential,  string groupName,  string vmName  string subscriptionId)
{
    Console.WriteLine("Getting information about the virtual machine...");

    var computeManagementClient = new ComputeManagementClient(credential)
    { SubscriptionId = subscriptionId };
    var vmResult = await computeManagementClient.VirtualMachines.GetAsync(
        groupName,
        vmName,
        InstanceViewTypes.InstanceView);

    Console.WriteLine("hardwareProfile");
    Console.WriteLine("   vmSize: " + vmResult.HardwareProfile.VmSize);

    Console.WriteLine("\nstorageProfile");
    Console.WriteLine("  imageReference");
    Console.WriteLine("    publisher: " + vmResult.StorageProfile.ImageReference.Publisher);
    Console.WriteLine("    offer: " + vmResult.StorageProfile.ImageReference.Offer);
    Console.WriteLine("    sku: " + vmResult.StorageProfile.ImageReference.Sku);
    Console.WriteLine("    version: " + vmResult.StorageProfile.ImageReference.Version);
    Console.WriteLine("  osDisk");
    Console.WriteLine("    osType: " + vmResult.StorageProfile.OsDisk.OsType);
    Console.WriteLine("    name: " + vmResult.StorageProfile.OsDisk.Name);
    Console.WriteLine("    createOption: " + vmResult.StorageProfile.OsDisk.CreateOption);
    Console.WriteLine("    uri: " + vmResult.StorageProfile.OsDisk.Vhd.Uri);
    Console.WriteLine("    caching: " + vmResult.StorageProfile.OsDisk.Caching);

    Console.WriteLine("\nosProfile");
    Console.WriteLine("  computerName: " + vmResult.OsProfile.ComputerName);
    Console.WriteLine("  adminUsername: " + vmResult.OsProfile.AdminUsername);
    Console.WriteLine("  provisionVMAgent: " + vmResult.OsProfile.WindowsConfiguration.ProvisionVMAgent.Value);
    Console.WriteLine("  enableAutomaticUpdates: " + vmResult.OsProfile.WindowsConfiguration.EnableAutomaticUpdates.Value);

    Console.WriteLine("\nnetworkProfile");
    foreach (NetworkInterfaceReference nic in vmResult.NetworkProfile.NetworkInterfaces)
    {
        Console.WriteLine("  networkInterface id: " + nic.Id);
    }

    Console.WriteLine("\nvmAgent");
    Console.WriteLine("  vmAgentVersion" + vmResult.InstanceView.VmAgent.VmAgentVersion);
    Console.WriteLine("    statuses");
    foreach (InstanceViewStatus stat in vmResult.InstanceView.VmAgent.Statuses)
    {
        Console.WriteLine("    code: " + stat.Code);
        Console.WriteLine("    level: " + stat.Level);
        Console.WriteLine("    displayStatus: " + stat.DisplayStatus);
        Console.WriteLine("    message: " + stat.Message);
        Console.WriteLine("    time: " + stat.Time);
    }

    Console.WriteLine("\ndisks");
    foreach (DiskInstanceView idisk in vmResult.InstanceView.Disks)
    {
        Console.WriteLine("  name: " + idisk.Name);
        Console.WriteLine("  statuses");
        foreach (InstanceViewStatus istat in idisk.Statuses)
        {
            Console.WriteLine("    code: " + istat.Code);
            Console.WriteLine("    level: " + istat.Level);
            Console.WriteLine("    displayStatus: " + istat.DisplayStatus);
            Console.WriteLine("    time: " + istat.Time);
        }
    }

    Console.WriteLine("\nVM general status");
    Console.WriteLine("  provisioningStatus: " + vmResult.ProvisioningState);
    Console.WriteLine("  id: " + vmResult.Id);
    Console.WriteLine("  name: " + vmResult.Name);
    Console.WriteLine("  type: " + vmResult.Type);
    Console.WriteLine("  location: " + vmResult.Location);
    Console.WriteLine("\nVM instance status");
    foreach (InstanceViewStatus istat in vmResult.InstanceView.Statuses)
    {
        Console.WriteLine("\n  code: " + istat.Code);
        Console.WriteLine("  level: " + istat.Level);
        Console.WriteLine("  displayStatus: " + istat.DisplayStatus);
    }

}

谢谢。

Answer 1

我自己解决了这个问题。我缺少使用azure门户在active directory下创建的应用程序的适当权限。在我的例子中，我给了所有者访问权限。