I've written a tool to setup Azure Web Apps, Databases, Storage accounts etc. Wt works quite well with general Azure. However, I'd now like to apply the same to Azure China now. Now I'm looking for the correct Urls to get a Token form the Active Directory to even access the API endpoint.
I'm going of these instructions: https://msdn.microsoft.com/en-us/library/azure/dn722415.aspx These settings for Azure work perfectly:
oAuthAuthorizationEndpoint="https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize?api-version=1.0"
apiEndpoint="https://management.core.windows.net/"
These are the Azure China urls that I'm using:
oAuthAuthorizationEndpoint="https://login.chinacloudapi.cn/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize?api-version=1.0"
apiEndpoint="https://management.core.chinacloudapi.cn/"
I can now login successfully using TokenCloudCredentials and the above settings.
this.Credentials = new TokenCloudCredentials(config.SubscriptionId, this.AuthenticationResult.AccessToken);
this.ResourceManagement = new ResourceManagementClient(this.Credentials, new Uri(config.ApiEndpoint));
var resourceGroups = this.ResourceManagement.ResourceGroups.ListAsync(new ResourceGroupListParameters(), CancellationToken.None).Result.ResourceGroups;
Console.WriteLine("ResourceGroupe: {0}", string.Join(", ", resourceGroups.Select(x => string.Format("{0}", x.Name)).ToArray()));
However as soon as I'm trying to access an API as shown above, I'm getting the following exception:
ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
It's the same exception is thrown by calling this.ResourceManagement.Providers.RegisterAsync("Microsoft.Storage")
Has anyone been able to successfully use the Management API for Azure China? How did you do it?
I'm pretty confident that all my Guids are valid and all the permissions are set correctly. Since I compared it to my working Azure counterpart.
(Guids are obviously masked)