Skip to content

Latest commit

 

History

History
127 lines (102 loc) · 7.26 KB

hdinsight-create-non-interactive-authentication-dotnet-applications.md

File metadata and controls

127 lines (102 loc) · 7.26 KB
title description editor manager services documentationcenter tags author ms.assetid ms.service ms.custom ms.workload ms.tgt_pltfrm ms.devlang ms.topic ms.date ms.author
Create non-interactive authentication .NET applications in Azure HDInsight | Microsoft Docs
Learn how to create non-interactive authentication Microsoft .NET applications in Azure HDInsight.
cgronlun
jhubbard
hdinsight
azure-portal
mumian
8e32430f-6404-498a-9fcd-f20338d964af
hdinsight
hdinsightactive
big-data
na
na
article
09/21/2017
jgao

Create a non-interactive authentication .NET HDInsight application

You can run your Microsoft .NET Azure HDInsight application either under the application's own identity (non-interactive) or under the identity of the signed-in user of the application (interactive). This article shows you how to create a non-interactive authentication .NET application to connect to Azure and manage HDInsight. For a sample of an interactive application, see Connect to Azure HDInsight.

From your non-interactive .NET application, you need:

Prerequisites

Assign a role to the Azure AD application

Assign your Azure AD application a role, to grant it permissions to perform actions. You can set the scope at the level of the subscription, resource group, or resource. The permissions are inherited to lower levels of scope. (For example, adding an application to the Reader role for a resource group means that the application can read the resource group and any resources in it.) In this tutorial, you set the scope at the resource group level. For more information, see Use role assignments to manage access to your Azure subscription resources.

To add the Owner role to the Azure AD application

  1. Sign in to the Azure portal.
  2. In the left menu, select Resource Group.
  3. Select the resource group that has the HDInsight cluster on which you will run your Hive query later in this tutorial. If you have a large number of resource groups, you can use the filter to find the one you want.
  4. On the resource group menu, select Access control (IAM).
  5. Under Users, select Add.
  6. Follow the instructions to add the Owner role to your Azure AD application. After you successfully add the role, the application is listed under Users, with the Owner role.

Develop an HDInsight client application

  1. Create a C# console application.

  2. Add the following NuGet packages:

     Install-Package Microsoft.Azure.Common.Authentication -Pre
 Install-Package Microsoft.Azure.Management.HDInsight -Pre
 Install-Package Microsoft.Azure.Management.Resources -Pre

  3. Run the following code:

    using System;
using System.Security;
using Microsoft.Azure;
using Microsoft.Azure.Common.Authentication;
using Microsoft.Azure.Common.Authentication.Factories;
using Microsoft.Azure.Common.Authentication.Models;
using Microsoft.Azure.Management.Resources;
using Microsoft.Azure.Management.HDInsight;

namespace CreateHDICluster
{
    internal class Program
    {
        private static HDInsightManagementClient _hdiManagementClient;

        private static Guid SubscriptionId = new Guid("<Enter your Azure subscription ID>");
        private static string tenantID = "<Enter your tenant ID (also called directory ID)>";
        private static string applicationID = "<Enter your application ID>";
        private static string secretKey = "<Enter the application secret key>";

        private static void Main(string[] args)
        {
            var key = new SecureString();
            foreach (char c in secretKey) { key.AppendChar(c); }

            var tokenCreds = GetTokenCloudCredentials(tenantID, applicationID, key);
            var subCloudCredentials = GetSubscriptionCloudCredentials(tokenCreds, SubscriptionId);

            var resourceManagementClient = new ResourceManagementClient(subCloudCredentials);
            resourceManagementClient.Providers.Register("Microsoft.HDInsight");

            _hdiManagementClient = new HDInsightManagementClient(subCloudCredentials);

            var results = _hdiManagementClient.Clusters.List();
            foreach (var name in results.Clusters)
            {
                Console.WriteLine("Cluster Name: " + name.Name);
                Console.WriteLine("\t Cluster type: " + name.Properties.ClusterDefinition.ClusterType);
                Console.WriteLine("\t Cluster location: " + name.Location);
                Console.WriteLine("\t Cluster version: " + name.Properties.ClusterVersion);
            }
            Console.WriteLine("Press Enter to continue");
            Console.ReadLine();
        }

        /// Get the access token for a service principal and provided key.          
        public static TokenCloudCredentials GetTokenCloudCredentials(string tenantId, string clientId, SecureString secretKey)
        {
            var authFactory = new AuthenticationFactory();
            var account = new AzureAccount { Type = AzureAccount.AccountType.ServicePrincipal, Id = clientId };
            var env = AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud];
            var accessToken =
                authFactory.Authenticate(account, env, tenantId, secretKey, ShowDialog.Never).AccessToken;

            return new TokenCloudCredentials(accessToken);
        }

        public static SubscriptionCloudCredentials GetSubscriptionCloudCredentials(SubscriptionCloudCredentials creds, Guid subId)
        {
            return new TokenCloudCredentials(subId.ToString(), ((TokenCloudCredentials)creds).Token);
        }
    }
}

Next steps