Microsoft.Azure.Management.ApiManagement Implementation

Question

I am trying to implement Azure API Management APIs using Microsoft.Azure.Management.ApiManagement 4.0.4-preview.

No where I see documentation for implementa

Answer 1

@Joseph, I had the same issue with unauthorized responses. Inspected the request made through the ApiManagementClient. Two things were wrong:

1. Wrong url
2. Missing authorization header.

Corrected this by doing:

var credentials = new MyCredentials();
var client = new ApiManagementClient(new Uri("https://management.azure.com/"), credentials);
client.SubscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
client.HttpClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + credentials.AuthenticationToken);
var result = await client.User.ListByServiceAsync("resource-group", "service");

MyCredentials looks the same as the myServiceCredentials class in the previous response and it inherits from ServiceClientCredentials. Had to make the AuthenticationToken prop public though.

Answer 2

copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password

It seems that there is something wrong with the way you generate.

The authorization header should be a JSON Web Token that you obtain from Azure Active Directory, but directly from Azure Portal. For more details, you could refer to this article.

You can refer to this document for how to obtain a JWT from AAD and protect an API by using OAuth 2.0 with Azure Active Directory and API Management.

Answer 3

After two weeks struggle we found way to Microsoft.Azure.Management.ApiManagement dll Implementation.

1) Create application inside azure ad 2) Go to your APIM => Access control (IAM) Tab 3) Add the above created application (permission is required to do this in APIM) 4) Now you should be able to see Azure AD application in APIM Access control (IAM) Tab

This will provide delegated permission to your application which is created in Azure AD

We can use client credential flow to get delegated access token against Azure AD. Use scope as https://management.azure.com

The sample code for implementing client credential flow for Microsoft.Azure.Management.ApiManagement dll is given below.

public class myServiceCredentials : ServiceClientCredentials{
private string AuthenticationToken { get; set; }
public override void InitializeServiceClient<T>(ServiceClient<T> client)
    {
        var authenticationContext = new 
   AuthenticationContext("https://login.windows.net/{tenantID}");
        var credential = new ClientCredential(clientId: "xxxxx-xxxx-xx-xxxx-xxx", 
  clientSecret: "{clientSecret}");
        var result = authenticationContext.AcquireToken(resource: 
        "https://management.core.windows.net/", clientCredential: credential);

        if (result == null)
        {
            throw new InvalidOperationException("Failed to obtain the JWT token");
        }
        AuthenticationToken = result.AccessToken;
    }
}

Thank you https://github.com/Azure/azure-sdk-for-net/issues/4727