Azure Service Principal cannot access Service Management API

2
votes

It seems that an application that authenticates against Azure as a Service Principal (setup as per this post) cannot access the Service Management API. I cannot find anywhere that states explicitly that this is not supported. Is it possible? Will it ever be supported?

An application that authenticates using a Management Certificate cannot access the Resource Manager API (this is explicitly not supported).

Is there a way to authenticate an application (not a person) against Azure and access both Service Management and Resource Manager API's?

1
azureazure-resource-manager

1 Answers

1
votes

Is there a way to authenticate an application (not a person) against Azure and access both Service Management and Resource Manager API's?

From what I understand, No it is not possible today. In order to use tokens based authentication for Service Management API, the user/application for which the token is issued must be an administrator or co-administrator on the Azure Subscription in question and I could not find a way to add a service principal as an admin/co-admin in Azure Portal.

However a Service Principal can access Resource Manager API. For this you must assign that service principal an appropriate role using Azure Preview Portal. Please see this link regarding instructions for the same: https://azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/.

I know that you're not after this, but one thing you could do is create a service principal type user in your Azure AD and then use that user for both Service Management and Resource Manager API. Please see this blog post for more details: http://blogs.msdn.com/b/tomholl/archive/2014/11/25/unattended-authentication-to-azure-management-apis-with-azure-active-directory.aspx.