How can I set up my Azure account in order to make ARM deployments via the REST API?

I have an Azure account and I want to make deployment of ARM templates using the ASP.NET libraries. I've noticed that in the Azure Portal generated Deployment class (in the DeploymentHelper.cs file that I've downloaded from the Portal) I have the following fields that I need to provide my own data:

string subscriptionId = "your-subscription-id";
string clientId = "your-service-principal-clientId";
string clientSecret = "your-service-principal-client-secret";
string resourceGroupName = "resource-group-name";
string deploymentName = "deployment-name";
string resourceGroupLocation = "resource-group-location";
string pathToTemplateFile = "path-to-template.json-on-disk";
string pathToParameterFile = "path-to-parameters.json-on-disk";
string tenantId = "tenant-id";

I'm having a hard time with these:

string clientId = "your-service-principal-clientId";
string clientSecret = "your-service-principal-client-secret";

I know that the subscriptionId I can get in the Subscriptions blade. I also know that the tenantId I can get in the Azure Active Directory > Properties blade under the Directory ID field.

I have followed this documentation page in order to try and set up an App Registration on Azure Active Directory, which I've read is what I need to obtain the clientId and clientSecret values. I think it's worth mentioning I have no experience whatsoever with Active Directory or Azure Active Directory.

When following the docs my first issue is with this blade:

I don't know what I should put in the "Sign-on URL" field. I've tried filling it with my personal website just because it's required (probably my first mistake). Then with the Registered App I go in "Application ID" and use the value as clientId within my code.

I then generate the key in the "Settings" blade and use it as the clientSecret within my code.

However when I run my code I get the following error:

Exception thrown: 'Microsoft.Rest.Azure.CloudException' in System.Private.CoreLib.dll

An exception of type 'Microsoft.Rest.Azure.CloudException' occurred in System.Private.CoreLib.dll but was not handled in user code

Operation returned an invalid status code 'Forbidden'

I wouldn't want to do any fancy Azure AD set up in order to make deployments via Azure. I'm trying this on my personal account, so it's not like I have an AD environment set up.

1 answer

  • answered 2018-07-11 01:40 Tom Sun

    I don't know what I should put in the "Sign-on URL" field. I've tried filling it with my personal website just because it's required (probably my first mistake).

    If you develop a web application, you could use the web application address as the sign-on URL. In your case you could add a valid URL address. And you could add your personal website.

    Operation returned an invalid status code 'Forbidden'

    It means that you have no access to deploy the resource to the subscription.

    You need to assign a role to the web application. For more information, refer to how to register an Azure AD application and assign a role.
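
One way to carry out the role assignment the answer refers to, using the Azure CLI. This is an added example, not part of the original question or answer; the IDs, the resource group name, the Contributor role and the script name are placeholder assumptions.

```bash
#!/bin/sh
# Added example: give the app registration's service principal an RBAC role
# at the narrowest scope that covers the deployment, so ARM stops answering 403.
# Every default below is a constructed placeholder, not a value from the page.
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RESOURCE_GROUP="${RESOURCE_GROUP-resource-group-name}"  # set to "" for subscription scope
CLIENT_ID="${CLIENT_ID:-11111111-1111-1111-1111-111111111111}"  # the app's "Application ID"
ROLE="${ROLE:-Contributor}"

# Build the ARM scope string: resource group if one is named, else the subscription.
arm_scope() {
  sub="$1"; rg="${2:-}"
  case "$sub" in
    ""|*[!0-9a-fA-F-]*) echo "invalid subscription id: $sub" >&2; return 1 ;;
  esac
  if [ -n "$rg" ]; then
    printf '/subscriptions/%s/resourceGroups/%s\n' "$sub" "$rg"
  else
    printf '/subscriptions/%s\n' "$sub"
  fi
}

# Number of existing assignments of role $2 to principal $1 at scope $3.
assignment_count() {
  az role assignment list --assignee "$1" --role "$2" --scope "$3" \
    --query 'length(@)' --output tsv
}

# Create the assignment unless it is already present (safe to re-run).
grant_role() {
  scope="$(arm_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP")" || return 1
  count="$(assignment_count "$CLIENT_ID" "$ROLE" "$scope")" || return 1
  if [ "$count" -gt 0 ]; then
    echo "$ROLE is already assigned to $CLIENT_ID at $scope"
    return 0
  fi
  az role assignment create --assignee "$CLIENT_ID" --role "$ROLE" --scope "$scope"
}

# Nothing touches Azure unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then
  grant_role
fi
```

Run it as `sh grant-role.sh apply` after `az login` with an account that is allowed to create role assignments on that scope. A resource-group scope only works if the group already exists; if the deployment code also creates the resource group, set `RESOURCE_GROUP=""` so the role is assigned at subscription scope.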