Is it possible to authenticate Azure Management .NET SDK with InteractiveBrowserCredential?

Question

I have a script to build resources for Azure. Currently, I’m using a service principal, but ideally I’d like to use my Active Directory login instead since we are going to open the script up to a larger group of developers and would like traceability. Is it possible to use InteractiveBrowserCredential to do something like the following:

    var credential = await new InteractiveBrowserCredential(new InteractiveBrowserCredentialOptions {});

    var azure = Microsoft.Azure.Management.Fluent.Azure
      .Configure()
      .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
      .Authenticate(new AzureCredentials(credential, AzureEnvironment.AzureGlobalCloud))
      .WithSubscription(subscriptionId);

    var webApp = await azure.WebApps.GetByResourceGroupAsync(resourceGroup, webAppName);

The above script doesn’t compile because there’s not a conversion between InteractiveBrowserCredential and AzureCredentials. When I extract the token from the InteractiveBrowserControl, I get an Unauthorized response from the web app.

Answer 1

I think that you'll need to use the new Azure SDK for .NET, which is in public preview, and sits atop Azure.Identity - which supports InteractiveBrowserCredential. Documentation is available on GitHub at https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/resourcemanager/Azure.ResourceManager/README.md

The condensed version is that you'll now use an ArmClient object, which you authenticate with

ArmClient client = new ArmClient(new DefaultAzureCredential());

From that client, you would get a Subscription object, from which you'd get a ResourceGroup object, from which you would manipulate whatever resource types you wish.