i new azure data lake analytics , converting c# batch job use service service authentication before submitting stored procedures azure data lake analytics.
public void authenticateadluser() { //connect adl // service principal / appplication authentication client secret / key synchronizationcontext.setsynchronizationcontext(new synchronizationcontext()); ctokencreds = applicationtokenprovider.loginsilentasync(strdomain, strwebapp_clientid, strclientsecret).result; setupclients(ctokencreds, strsubscriptionid); } public static void setupclients(serviceclientcredentials tokencreds, string subscriptionid) { _adlaclient = new datalakeanalyticsaccountmanagementclient(tokencreds); _adlaclient.subscriptionid = subscriptionid; _adlajobclient = new datalakeanalyticsjobmanagementclient(tokencreds); _adlsfilesystemclient = new datalakestorefilesystemmanagementclient(tokencreds); } even though have given correct clientid error comes different clientid in error when execute following code:
var jobinfo = _adlajobclient.job.create(_adlsaccountname, jobid, parameters);. the error message is:
the client 'e83bb777-f3af-4526-ae34-f5461a5fde1c' object id 'e83bb777-f3af-4526-ae34-f5461a5fde1c' not have authorization perform action 'microsoft.authorization/permissions/read' on scope '/subscriptions/a0fb08ca-a074-489c-bed0-....
- why clientid different 1 used in code?
- is code issue or permissions issue? assume code since clientid not authorized 1 created.
note: subscriptionid correct.
i assumed created azure active directory app , client , domain ids of app. if not, you'll need that... if have that, can check if app has permissions on data lake store: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-authenticate-using-active-directory
Comments
Post a Comment