Create EventHub from a web app

Question

Create EventHub from a web app

Hi,

actually I begin to develop some programms for Azure. I want to select from a specific event hub namespace the existing event hubs. I wrote the code below but I get the following error message when the program try execute line 9:

ErrorResponseException: Operation returned an invalid status code 'Forbidden'
Microsoft.Azure.Management.EventHub.EventHubsOperations.ListByNamespaceWithHttpMessagesAsync(string resourceGroupName, string namespaceName, Nullable<int> skip, Nullable<int> top, Dictionary<string, List<string>> customHeaders, CancellationToken cancellationToken)

var cred = new ClientCredential(clientId, secretName);
var context = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}/");

var token = await context.AcquireTokenAsync(
                @"https://management.core.windows.net/",
                cred
);
var serviceClientCredentials = new TokenCredentials(token.AccessToken);
var eventHubManagementClient = new EventHubManagementClient(serviceClientCredentials) {
       SubscriptionId = subscriptionID
};
var eventhubs = eventHubManagementClient.EventHubs.ListByNamespace(resGroup, eventHubNamespace);
foreach (var eventhub in eventhubs)
       Models.Add(new PizzaCreator { Name = eventhub.Name });

Has someone an idea where the problem could be?

Answer 1

Stanislav Zhelyazkov 15,266 MVP

Most likely the credentials you are using does not have permissions.

Stephan Wedig 1 Reputation point

2021-07-07T08:14:20.647+00:00

Do you have an idea which permission I need?
Stanislav Zhelyazkov 15,266 Reputation points MVP

2021-07-07T08:41:21.103+00:00

If you just need to read the resources reader should be fine. Permissions will depend on what your application needs to do and to which resources exactly. There are built-in roles you can use and there is a way to create custom roles. When you have the roles that you need you can create role assignments to give the actual permissions What is Azure role-based access control (Azure RBAC)?
Stephan Wedig 1 Reputation point

2021-07-07T09:40:03.853+00:00

I think I didn't understand whart I do. In the first step I want to read the eventhub from a namespace. Later I want to create eventhubs.

I have a web app in Azure. I have created in the AAD an app registration for this web app. On this point the user have to login for using my app. Did I add the permission in the app registration or on another place? Under permission I don't find an option to add the permission to access the eventhub management.
Stanislav Zhelyazkov 15,266 Reputation points MVP

2021-07-07T09:49:33.683+00:00

If you are looking for specific question about using the Azure SDK and code development I would guess either it is another forum or the tag needs to be different.
If you your web app will use the app registration to access the Azure Resources than the app registration needs to have permissions on Azure. If your app will use the credentials of a user logged to your app to access Azure Resources than the user will need the permissions. In any of those two cases I think you need support on development and Azure SDK rather something specific to Azure or Azure Event Hub.

Create EventHub from a web app

1 answer

Activity