A C# SDK for connecting devices to Microsoft Azure IoT services
Other
464
stars
493
forks
source link
[Bug Report] Owner and Contributor roles fail with 'is not authorized for GET on /twins/device_id', "IoT Hub Data Reader" is explicitely required #3344
Setup IoT Hub and give yourself Owner and/or Contributor roles
Create a device called in IoT Hub
✅ This works:
az login --tenant xyz
az iot hub device-twin show --hub-name 'hub1' --device-id 'John' --query 'properties.desired' --output json --subscription 'sub1'
❌ This doesn't work:
var hub = "rbtestiothub-leia.azure-devices.net";
var deviceId = "John";
var credential = new AzureCliCredential();
var ar rm = RegistryManager.Create(hub, credential);
var twin = await rm.GetTwinAsync(deviceId); // IotHubUnauthorized;Principal edited>@<edited.com is not authorized for GET on /twins/John
Error:
> Error: Microsoft.Azure.Devices.Common.Exceptions.UnauthorizedException: {"Message":"ErrorCode:IotHubUnauthorized;Principal <edited>@<edited>.com is not authorized for GET on /twins/John due to no assigned permissions","ExceptionMessage":"Tracking ID:abc:0-TimeStamp:06/26/2023 07:44:12"}
5. Assign "IoT Hub Data Reader" role to the user
6. ✅
var twin = await rm.GetTwinAsync(deviceId); // Success
Setup IoT Hub and give yourself Owner and/or Contributor roles
Create a device called in IoT Hub
✅ This works:
❌ This doesn't work:
var credential = new AzureCliCredential();
var ar rm = RegistryManager.Create(hub, credential); var twin = await rm.GetTwinAsync(deviceId); // IotHubUnauthorized;Principal edited>@<edited.com is not authorized for GET on /twins/John
var twin = await rm.GetTwinAsync(deviceId); // Success
i "nuget:https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet5/nuget/v3/index.json"
i "nuget:https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json"
r "nuget:Azure.Identity"
r "nuget:Microsoft.Extensions.Azure"
r "nuget:Microsoft.Azure.Devices"
using Azure.Identity; using Microsoft.Extensions.Azure; using Microsoft.Azure.Devices;