When trying to start a project with an Azure SignalR resource defined, provisioning fails. I'm able to use the Connected Services-> Azure Resource Provisioning settings to set Subscription Name, Location and Resource group, and all three are correctly defined in my user secrets after.
When starting projects, resource provisioning fails with:
Error provisioning signalr.
Azure.RequestFailedException: The client 'REDACTED@microsoft.com' with object id 'REDACTED' does not have authorization to perform action 'Microsoft.Resources/subscriptions/read' over scope '/subscriptions/REDACTED' or the scope is invalid. If access was recently granted, please refresh your credentials.
Status: 403 (Forbidden)
ErrorCode: AuthorizationFailed
Content:
{"error":{"code":"AuthorizationFailed","message":"The client 'REDACTED@microsoft.com' with object id 'REDACTED' does not have authorization to perform action 'Microsoft.Resources/subscriptions/read' over scope '/subscriptions/REDACTED' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
Headers:
Cache-Control: no-cache
Pragma: no-cache
x-ms-failure-cause: REDACTED
x-ms-request-id: 78621442-aabe-4b16-9184-abe111313da2
x-ms-correlation-request-id: REDACTED
x-ms-routing-request-id: REDACTED
Strict-Transport-Security: REDACTED
X-Content-Type-Options: REDACTED
Date: Tue, 09 Apr 2024 23:07:50 GMT
Connection: close
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 384
at Azure.ResourceManager.Resources.SubscriptionsRestOperations.GetAsync(String subscriptionId, CancellationToken cancellationToken)
at Azure.ResourceManager.Resources.SubscriptionResource.GetAsync(CancellationToken cancellationToken)
at Azure.ResourceManager.ArmClient.GetDefaultSubscriptionAsync(CancellationToken cancellationToken)
at Aspire.Hosting.Azure.AzureProvisioner.GetProvisioningContextAsync(Lazy`1 userSecretsLazy, CancellationToken cancellationToken) in /_/src/Aspire.Hosting.Azure/Provisioning/Provisioners/AzureProvisioner.cs:line 337
at Aspire.Hosting.Azure.AzureProvisioner.ProcessResourceAsync(IConfiguration configuration, Lazy`1 provisioningContextLazy, IAzureResource resource, CancellationToken cancellationToken) in /_/src/Aspire.Hosting.Azure/Provisioning/Provisioners/AzureProvisioner.cs:line 265
This subscription is in a tenant where my Entra ID is a Member guest account.
az cli, azd, portal, all other ways to access it works, and I do in fact have the neccessary permissions. The Azure Resource provisioning setup mentioned above is also able to create a new resource group on the subscription.
I've tried setting an Azure:Tenant secret to both tenant id and tenant fqdn as well, to no avail.
When deploying to my primary tenant, everything works.
When trying to start a project with an Azure SignalR resource defined, provisioning fails. I'm able to use the Connected Services-> Azure Resource Provisioning settings to set Subscription Name, Location and Resource group, and all three are correctly defined in my user secrets after.
When starting projects, resource provisioning fails with:
This subscription is in a tenant where my Entra ID is a Member guest account.
az cli, azd, portal, all other ways to access it works, and I do in fact have the neccessary permissions. The Azure Resource provisioning setup mentioned above is also able to create a new resource group on the subscription.
I've tried setting an Azure:Tenant secret to both tenant id and tenant fqdn as well, to no avail.
When deploying to my primary tenant, everything works.