0
votes

I want to create Azure Resource Groups through C# code.

I have followed all steps of Creating Service Principal from this link and access still i am getting error

I am following these links

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/csharp https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

Below is the error

Microsoft.Rest.Azure.CloudException occurred HResult=0x80131500 Message=The client 'XXXXXXXXXXXXXXX' with object id 'XXXXXXXXXXXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/XXXXXXXXXX/resourcegroups/Zimmergren.ARM.ResourceGroupDemo-123'. Source=Microsoft.Azure.Management.ResourceManager StackTrace: at Microsoft.Azure.Management.ResourceManager.ResourceGroupsOperations.d__7.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.Management.ResourceManager.ResourceGroupsOperationsExtensions.d__5.MoveNext() at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.Management.ResourceManager.ResourceGroupsOperationsExtensions.CreateOrUpdate(IResourceGroupsOperations operations, String resourceGroupName, ResourceGroup parameters) at AzureAD.Program.Main(String[] args) in C:\Users\nitin\Downloads\AzureAD\AzureAD\AzureAD\Program.cs:line 48

1

1 Answers

0
votes

Message=The client 'XXXXXXXXXXXXXXX' with object id 'XXXXXXXXXXXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/XXXXXXXXXX/resourcegroups/Zimmergren.ARM.ResourceGroupDemo-123'.

The reason you're getting this error is because the Service Pricipal you created does not have permission to perform Create Resource Group operation in your Azure Subscription.

What you would need to do is assign a role to this Service Principal that has permission to perform this operation. To start with, you can assign Contributor role at the Subscription level to this Service Principal.

You can do it through Azure Portal, PowerShell Cmdlets or CLI Tools. You may find this link helpful in doing this through Azure Portal: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#assign-application-to-role.