Trevor Elliott

Reputation: 11252

Unable to cast TokenCloudCredentials to AccessTokenCredential when calling New-AzureRmADApplication

I'm writing a PowerShell deployment script which automates the creation of my Azure resources and an accompanying ServicePrincipal.

Here is the code I'm using, which I've tested and works when run directly from PowerShell with the latest Azure 1.0.4 SDK module:

```powershell
$ResourceGroupName = "my-resource-group"
$ADAppIdentifierUri = [string]::Concat("https://", $ResourceGroupName, ".azurewebsites.net")

# Generate a password for the AD application
$ServicePrincipalPassword = [Guid]::NewGuid().ToString().Replace("-", "")

# Create the Azure AD Application and service principal, and only assign access to our resource group
$AzureADApplication = New-AzureRmADApplication -DisplayName $ResourceGroupName -HomePage $ADAppIdentifierUri -IdentifierUris $ADAppIdentifierUri -Password $ServicePrincipalPassword
```

When I run this code using my ResourceGroup project deployment script in Visual Studio, I get the following error:

New-AzureRmADApplication : Unable to cast object of type 'Microsoft.Azure.TokenCloudCredentials' to type 'Microsoft.Azure.Common.Authentication.AccessTokenCredential'.

According to the stack trace the exception was raised at the start of the command New-AzureRmADApplication, so the exception is happening internally in the Azure SDK code unfortunately.

I've browsed the source code of the SDK in the following files and could not find any insight:

https://github.com/Azure/azure-powershell/blob/f803b991daa7eeeea1217238ab071c8d83de34be/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADApplicationCommand.cs

https://github.com/Azure/azure-powershell/blob/956d0ca795acfce67d8f142bf059ab2b8ab2c67b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs

https://www.symbolsource.org/Public/Metadata/NuGet/Project/Microsoft.Azure.Graph.RBAC/1.6.0-preview/Release/.NETFramework,Version%3Dv4.0/Microsoft.Azure.Graph.RBAC/Microsoft.Azure.Graph.RBAC/Generated/GraphRbacManagementClient.cs?ImageName=Microsoft.Azure.Graph.RBAC

I can only find one person who's encountered this same error at this link here: https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/

However, the solution there does not make sense to me because I am not using a management certificate to authenticate, and I don't have any management certificates listed on the manage.windowsazure.com site.

Upvotes: 0

Views: 356

Answers (1)

bmoore-msft

Reputation: 8737

This is an issue (i.e. bug) when using token-based authentication with the AzureRMAD* cmdlets. When you run the script from VS, VS uses the token you have from the VS sign-in to avoid prompting for auth. To work around it, you have to run it outside of VS using credentials.

There is an internal work item tracking this, but if you want to monitor progress you can file an issue here: https://github.com/Azure/azure-powershell/issues/

Upvotes: 2
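
The workaround described in the answer, as an added example that is not part of the original posts or of the Azure SDK: sign in with credentials from a plain PowerShell console, then run the question's commands through to the resource-group-scoped role assignment that the question's code comment mentions, which goes beyond the posted snippet. The `Contributor` role, the retry count and delay, and the CSPRNG-generated password (swapped in for the GUID) are assumptions of this example.

```powershell
# Added example: run from a plain PowerShell console, not the Visual Studio deployment host.
$ErrorActionPreference = "Stop"

$ResourceGroupName  = "my-resource-group"
$ADAppIdentifierUri = "https://${ResourceGroupName}.azurewebsites.net"

# Sign in with credentials (work or school account) so the AzureRmAD* cmdlets
# do not receive the cached sign-in token that Visual Studio passes in.
Login-AzureRmAccount -Credential (Get-Credential) | Out-Null

# Assumption: take the password from the system CSPRNG instead of a GUID.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$ServicePrincipalPassword = [Convert]::ToBase64String($bytes)

# Same call as in the question, followed by the service principal it refers to.
$AzureADApplication = New-AzureRmADApplication -DisplayName $ResourceGroupName `
    -HomePage $ADAppIdentifierUri -IdentifierUris $ADAppIdentifierUri `
    -Password $ServicePrincipalPassword
New-AzureRmADServicePrincipal -ApplicationId $AzureADApplication.ApplicationId | Out-Null

# A new service principal can take a few seconds to become visible to the
# role assignment call, so retry before giving up.
# Assumptions: Contributor role, 5 attempts, 10-second delay.
$assigned = $false
for ($attempt = 1; ($attempt -le 5) -and (-not $assigned); $attempt++) {
    try {
        # Scope the assignment to the one resource group, not the subscription.
        New-AzureRmRoleAssignment -RoleDefinitionName "Contributor" `
            -ServicePrincipalName $AzureADApplication.ApplicationId `
            -ResourceGroupName $ResourceGroupName | Out-Null
        $assigned = $true
    } catch {
        if ($attempt -eq 5) { throw }
        Start-Sleep -Seconds 10
    }
}
```

The script never writes `$ServicePrincipalPassword` to the console; hand it to whatever secret store the deployment uses rather than logging it.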
