从 Azure Web 应用托管服务标识创建资源组

Question

I'm trying to build a Bot using MS Bot framework and this bot is hosted as an Azure Web App. I've added code to create resource groups using the Microsoft.Azure.Management.Fluent APIs

AzureCredentialsFactory f = new AzureCredentialsFactory();
var msi = new MSILoginInformation(MSIResourceType.AppService);

var msiCred = f.FromMSI(msi, AzureEnvironment.AzureGlobalCloud);

var azureAuth = Azure.Configure()
                 .WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
                 .Authenticate(msiCred);

var azure = azureAuth.WithSubscription(subscription);

var resourceGroup = azure.ResourceGroups.Define(rg)
                                    .WithRegion(Region.EuropeWest)
                                    .Create();

This code is levering the Managed Service Identity of the Web app. I've made this web app "Owner" of the Azure subscription.

when i execute this code i keep getting this exception

Exception: The access token has been obtained from wrong audience or resource ' https://management.core.windows.net '. It should exactly match (including forward slash) with one of the allowed audiences ' https://management.core.windows.net/ ',' https://management.azure.com/ '.

I never set the audience or resource by hand and don't see any option on how to do this.

When i change my code to use a service principal i created myself it works great

ServicePrincipalLoginInformation loginInfo = new ServicePrincipalLoginInformation() 
{ 
    ClientId = _clientId, 
    ClientSecret = _clientSecret 
}; 

var credentials = new AzureCredentials(loginInfo, _tenantId, AzureEnvironment.AzureGlobalCloud);
var azureAuth = Azure.Configure()
             .WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
             .Authenticate(credentials);

How to set this audience or resource or what am i doing wrong?

Answer 1

How to set this audience or resource or what am i doing wrong?

I also can reproduce this issue on my side. It seems it is the SDK issue. You could report it to the Azure SDK github issue .

Update:

According to issue-4090 , it has been fixed in version 1.7, you could test again if it is released.