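I'm trying to build a Bot using MS Bot framework and this bot is hosted as an Azure Web App. I've added code to create resource groups using the Microsoft.Azure.Management.Fluent APIs:

    using Microsoft.Azure.Management.Fluent;
    using Microsoft.Azure.Management.ResourceManager.Fluent;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Core;

    // Build credentials from the Web App's Managed Service Identity.
    AzureCredentialsFactory f = new AzureCredentialsFactory();
    var msi = new MSILoginInformation(MSIResourceType.AppService);
    var msiCred = f.FromMSI(msi, AzureEnvironment.AzureGlobalCloud);
    var azureAuth = Azure.Configure()
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
        .Authenticate(msiCred);
    var azure = azureAuth.WithSubscription(subscription);
    // Create the resource group named by rg.
    var resourceGroup = azure.ResourceGroups.Define(rg)
        .WithRegion(Region.EuropeWest)
        .Create();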

This code is leveraging the Managed Service Identity of the Web app. I've made this web app "Owner" of the Azure subscription.

When I execute this code I keep getting this exception:

Exception: The access token has been obtained from wrong audience or resource ’https://management.core.windows.net'. It should exactly match (including forward slash) with one of the allowed audiences ‘https://management.core.windows.net/’,’https://management.azure.com/’.

I never set the audience or resource by hand and don't see any option on how to do this.

When I change my code to use a service principal I created myself it works great:

    // Authenticate with an explicitly created service principal instead of MSI.
    ServicePrincipalLoginInformation loginInfo = new ServicePrincipalLoginInformation()
    {
        ClientId = _clientId,
        ClientSecret = _clientSecret
    };
    var credentials = new AzureCredentials(loginInfo, _tenantId, AzureEnvironment.AzureGlobalCloud);
    var azureAuth = Azure.Configure()
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
        .Authenticate(credentials);

How to set this audience or resource, or what am I doing wrong?
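
To see which audience a token actually carries, its `aud` claim can be decoded and compared exactly against the two values listed in the exception message. This is an added example, not code from the original post: `AudienceCheck` and the sample tokens are constructed for illustration, and it assumes .NET Core 3.0 or later (for `System.Text.Json`) and a single-string `aud` claim.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class AudienceCheck
{
    // The two audiences the exception message lists as allowed.
    static readonly string[] Allowed =
    {
        "https://management.core.windows.net/",
        "https://management.azure.com/"
    };

    // JWT segments are base64url: '-' and '_' replace '+' and '/', padding is dropped.
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string Base64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads the aud claim WITHOUT validating the signature: diagnostics only.
    // Assumption: aud is a single JSON string, not an array.
    public static string ReadAudience(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        var payload = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        using var doc = JsonDocument.Parse(payload);
        return doc.RootElement.GetProperty("aud").GetString();
    }

    // Ordinal comparison: a missing trailing slash is a mismatch.
    public static bool IsAccepted(string aud) =>
        Allowed.Contains(aud, StringComparer.Ordinal);

    static void Main()
    {
        // Constructed sample tokens (fake header and signature), one per spelling.
        foreach (var aud in new[] { "https://management.core.windows.net",
                                    "https://management.core.windows.net/" })
        {
            var jwt = Base64UrlEncode("{\"alg\":\"none\"}") + "."
                    + Base64UrlEncode("{\"aud\":\"" + aud + "\"}") + ".sig";
            var read = ReadAudience(jwt);
            Console.WriteLine($"{read} -> {(IsAccepted(read) ? "accepted" : "rejected")}");
        }
    }
}
```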