Microsoft.Azure.Management.ApiManagement - Create authorization token programatically

[vetrivelmp]

Hello All,

I am trying to implement Azure API Management APIs using Microsoft.Azure.Management.ApiManagement 4.0.4-preview.

No where I see documentation for implementation. I tried below code. but I am getting authentication error. i want to know how to create authorization token programatically.

Microsoft.Rest.Azure.CloudException: 'Authentication failed. The 'Authorization' header is provided in an invalid format.'

BasicAuthenticationCredentials basicAuthenticationCredentials = new BasicAuthenticationCredentials();
basicAuthenticationCredentials.UserName = "***";
basicAuthenticationCredentials.Password = "";

var token = "Bearer **********"; // copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password

ApiManagementClient apiManagementClient = new ApiManagementClient(basicAuthenticationCredentials);
apiManagementClient.SubscriptionId = "*************************************";
apiManagementClient.HttpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", token);
apiManagementClient.ApiManagementService.Get("resourcegroupname", "POCAPIManagementService"); // error happening from this line

var user = apiManagementClient.User.Get("resourcegroupname", "POCAPIManagementService", "1");

[vetrivelmp]

No reply for this comment ?

[shahabhijeet]

Here is one way you achieve this.
When you have to pass in the credentials to your management client constructor, new up the below class.

public class myServiceCredentials : ServiceClientCredentials
    {
        private string AuthenticationToken { get; set; }
        public override void InitializeServiceClient<T>(ServiceClient<T> client)
        {
            var authenticationContext = new AuthenticationContext("https://login.windows.net/{tenantID}");
            var credential = new ClientCredential(clientId: "xxxxx-xxxx-xx-xxxx-xxx", clientSecret: "{clientSecret}");
            var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential);

            if (result == null)
            {
                throw new InvalidOperationException("Failed to obtain the JWT token");
            }
            AuthenticationToken = result.AccessToken;
        }
    }

[vetrivelmp]

This helps to find anwser. thank you so much.
https://stackoverflow.com/questions/52108663/microsoft-azure-management-apimanagement-implementation/52219492#52219492

[ghost]

Hello,

I'm trying to use Microsoft.Azure.Management.ApiManagement 6.0.0-preview to add new Products, policies, etc and manage my Azure API management progrmatically.

I used the "myServiceCredentials" from the previous post and I got a valid token as expected, now I'm trying to add new Product through ApiManagementClient.Product.CreateOrUpdate()

I have this method:

public async Task<ProductContract> CreateAPIMroducts(myContract myData)
        {
            var serviceCredentials = new AzureApiManagementServiceCredentials(); //in this class I implement ServiceClientCredentials

            ApiManagementClient myClient = new ApiManagementClient(serviceCredentials);

            ProductContract productContract = new ProductContract("displayName");

            ProductContract result =await myClient .Product.CreateOrUpdateAsync(myData.ResourceGroupName, myData.ServiceName, myData.ProductId, productContract);
            return result;
        }

So I'm trying to create new Product into my APIM instance but I got this error: Microsoft.Rest.ValidationException: 'this.Client.SubscriptionId' cannot be null.

What I understand is to assign my subscription with the client I use but I don't know if I'm right or not and how to do it

Can you please challenge me with your ideas?

thank you! 😊

[allenjzhang]

In your latest question, you need to set the subscriptionId on the client:
myClient.SubscriptionId = "YOUR SUB ID"

For your original question, you could leverage Microsoft.Rest.ClientRuntime.Azure.Authentication.ApplicationTokenProvider for easy auth. It also has auto token refresh as well.

            var credentials = await ApplicationTokenProvider.LoginSilentAsync(
                "Domain or TenantID",
                "ClientId",
                "Client Secret");
            var client = new ComputeManagementClient(credentials);

[ghost]

Hi, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

[LockTar]

I'm working with the Microsoft.Azure.Management.ApiManagement 6.0.0-preview package as well and this issue helped me a lot. I changed the code a bit so it is better to use with the client.

AzureApiManagementServiceCredentials

public class AzureApiManagementServiceCredentials : ServiceClientCredentials
{
    private readonly string _tenantId;
    private readonly string _clientId;
    private readonly string _clientSecret;

    public AzureApiManagementServiceCredentials(string tenantId, string clientId, string clientSecret)
    {
        _tenantId = tenantId;
        _clientId = clientId;
        _clientSecret = clientSecret;
    }

    public override void InitializeServiceClient<T>(ServiceClient<T> client)
    {
        var authenticationContext = new AuthenticationContext($"https://login.microsoftonline.com/{_tenantId}");
        var credential = new ClientCredential(clientId: _clientId, clientSecret: _clientSecret);
        var result = authenticationContext.AcquireTokenAsync(resource: "https://management.azure.com/", clientCredential: credential).Result;

        if (result == null)
        {
            throw new InvalidOperationException($"Failed to obtain the JWT token for Azure API Management Rest connection for user {_clientId}");
        }

        client.HttpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken);
    }
}

Create the ApiManagementClient:

private ApiManagementClient InitializeApiManagementClientForSubscription(string subscriptionId)
{
    //_configuration (IConfiguration) is in my case injected...
    var serviceCredentials = new AzureApiManagementServiceCredentials(
                    _configuration["TenantId"], 
                    _configuration["ClientId"], 
                    _configuration["ClientSecret"]);

    var client = new ApiManagementClient(serviceCredentials);
    client.SubscriptionId = subscriptionId;

    return client;
}

[madshaun1984]

For your original question, you could leverage Microsoft.Rest.ClientRuntime.Azure.Authentication.ApplicationTokenProvider for easy auth. It also has auto token refresh as well.

            var credentials = await ApplicationTokenProvider.LoginSilentAsync(
                "Domain or TenantID",
                "ClientId",
                "Client Secret");
            var client = new ComputeManagementClient(credentials);

This doesn't work for creating an ApiManagementClient or is missing information. Tested with 6.0.0-preview.