How to use ResourceManagementClient

Damir Dobric Posts

Next talks:



Follow me on Twitter: #ddobric





ResourceManagementClient is a class inside of Microsoft.Azure.Management.ResourceManager, which provide simplified API over Azure Resource Manager.

In this post I will show a short example, which demonstrates how to instantiate this class. First of, we have to obtain authorization token. There are several ways to do that. Next code sample shows the hard (native) way to obtain a token from Service Principal credentials. That means, the following code should be executed from some backend service.

public static async Task<string> GetTokenFromAadWithSecretKeyAsync(string secret,
string resourceUrl, string clientId,
string tenantId,
environment = null
if (environment == null
                environment =

var client = HttpFactory

string tokenEndpoint = $"{tenantId}/oauth2/token"

var body = $"resource={resourceUrl}&client_id={clientId}&grant_type=client_credentials&client_secret={secret}"
var stringContent = new StringContent(body, System.Text.Encoding.UTF8, "application/x-www-form-urlencoded"

var response = await
client.PostAsync(tokenEndpoint, stringContent);

if (response.StatusCode == HttpStatusCode
JObject jobject =

var token = jobject["access_token"].Value<string


throw new Exception

Credentials are defined by the secret and clientId. The client Id is also known as ApplicationId and it can be copied from AAD blade of your application.


Secret can be obtained from the same blade:


Assuming that you have tenantId, you will have to specify correct resourceUrl. Resource URL defines the service URL, which you want to access with the token.

In a case of Azure Resource Manager this URL is defined by AzureEnvironment.ManagementEnpoint. ManagementEndpoint property of AzureEnvironment is in Powershell called ServiceManagementUrl.

In a case of public cloud this is In a case of German Cloud this is As you see it is different URI in different environments.

Another, easier option to create credentials is:

var serviceCreds = await ApplicationTokenProvider.LoginSilentAsync(tenantId, clientId, secret);

One you have a token, you can start coding. Following snippet shows instantiation.

public async void Run(string deploymentName,
string token, Uri authEndpoint, string subscriptionId, string resourceGroupName, string resGroupLocation, string jsonTemplate, string
// Try to obtain the service credentials

var serviceCreds = new TokenCredentials(token);

// Read the template and parameter file contents

JObject templateFileContents = JObject.Parse(jsonTemplate);
JObject parameterFileContents = JObject

// Create the resource manager client

var resourceManagementClient =
new ResourceManagementClient
            resourceManagementClient.SubscriptionId = subscriptionId;

// Create or check that resource group exists

            resourceGroupName, resGroupLocation);

// Start a deployment

            resourceGroupName, deploymentName,
            templateFileContents, parameterFileContents);

Posted Mar 28 2017, 07:16 AM by Damir Dobric is a .Net Community Blog powered by daenet GmbH.