I have a script to build resources for Azure. Currently, I’m using a service principal, but ideally I’d like to use my Active Directory login instead since we are going to open the script up to a larger group of developers and would like traceability. Is it possible to use InteractiveBrowserCredential to do something like the following:
var credential = await new InteractiveBrowserCredential(new InteractiveBrowserCredentialOptions {});
var azure = Microsoft.Azure.Management.Fluent.Azure
.Configure()
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Authenticate(new AzureCredentials(credential, AzureEnvironment.AzureGlobalCloud))
.WithSubscription(subscriptionId);
var webApp = await azure.WebApps.GetByResourceGroupAsync(resourceGroup, webAppName);
The above script doesn’t compile because there’s not a conversion between InteractiveBrowserCredential and AzureCredentials. When I extract the token from the InteractiveBrowserControl, I get an Unauthorized response from the web app.
I think that you'll need to use the new Azure SDK for .NET, which is in public preview, and sits atop Azure.Identity - which supports InteractiveBrowserCredential. Documentation is available on GitHub at https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/resourcemanager/Azure.ResourceManager/README.md
The condensed version is that you'll now use an ArmClient object, which you authenticate with
ArmClient client = new ArmClient(new DefaultAzureCredential());
From that client, you would get a Subscription object, from which you'd get a ResourceGroup object, from which you would manipulate whatever resource types you wish.