When working with device twins and IoTHub, you have to be aware of security requirements of certain methods of the service twin API.
For example to get the instance of the twin or to update the twin you will need ‘ServiceConnect’ permission.
var twin = await registryManager.GetTwinAsync(Credentials.DeviceId); await registryManager.UpdateTwinAsync(twin.DeviceId, patch, twin.ETag);
However, if you want to query for twin properties you will need ‘RegistryRead’ permission.
var query = registryManager.CreateQuery("SELECT * FROM devices WHERE tags.location.plant = 'Redmond43'", 100);
var twinsInRedmond43 = await query.GetNextAsTwinAsync();
If you want to be sure that combination of statements listed above works well, you need to set the service SAS policy with ServiceConnect and RegistryRead permission.
If this is not the case, one of operations might fail with:
Microsoft.Azure.Devices.Common.Exceptions.UnauthorizedException:
Posted
Jun 12 2017, 07:55 AM
by
Damir Dobric