InvalidAuthenticationTokenTenant while creating Data Lake store using REST API

  • Question

  • I am trying to create a data lake store using the below code.

    var subscriptionId = new Guid("my subscriptionId here");
    var _credentials = GetAccessToken();
    string dataLakeAccountName = "eu2dl1";
    string location = "East US 2";

    _credentials = GetCloudCredentials(_credentials, subscriptionId);
    _dataLakeStoreClient = new DataLakeStoreManagementClient(_credentials);
    _dataLakeStoreFileSystemClient = new DataLakeStoreFileSystemManagementClient(_credentials);

    var parameters = new DataLakeStoreAccountCreateOrUpdateParameters();
    parameters.DataLakeStoreAccount = new DataLakeStoreAccount
    {
        Name = dataLakeAccountName,
        Location = location
    };

    // Create a Data Lake Store account
    Console.WriteLine("Creating an Azure Data Lake Store account ...");
    _dataLakeStoreClient.DataLakeStoreAccount.Create(ResourceGroupName, parameters);

    But I am continuously running into the following error.


    {"error":{"code":"InvalidAuthenticationTokenTenant","message":"The access token is from the wrong issuer 'https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/'. It must match the tenant 'https://sts.windows.net/89bbf8e5-eb2c-4752-82df-66bb7843a0cf/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/89bbf8e5-eb2c-4752-82df-66bb7843a0cf' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."}}

    Any ideas or suggestions to nail down the above error?

    Monday, January 18, 2016 9:23 AM

Answers

  • Hi,

    It looks like the user credentials you are providing may be part of more than one Azure Active Directory (which can happen if you are a member of more than one subscription).

    In your code, where you call authFactory.Authenticate, you can provide your tenant ID ("89bbf8e5-eb2c-4752-82df-66bb7843a0cf") instead of the common AAD tenant (AuthenticationFactory.CommonAdTenant).

    If you are using our .NET SDK tutorial's sample code, then you can change your GetAccessToken method to this:

    public static SubscriptionCloudCredentials GetAccessToken(string username = null, SecureString password = null, string aadTenant = null)
    {
        var authFactory = new AuthenticationFactory();

        var account = new AzureAccount { Type = AzureAccount.AccountType.User };

        if (username != null && password != null)
            account.Id = username;

        var env = AzureEnvironment.PublicEnvironments[EnvironmentName.AzureCloud];

        // Use the common AAD tenant only when the caller did not pass a tenant ID.
        if (aadTenant == null)
            aadTenant = AuthenticationFactory.CommonAdTenant;

        // Authenticate against the chosen tenant and wrap the access token.
        return new TokenCloudCredentials(authFactory.Authenticate(account, env, aadTenant, password, ShowDialog.Auto).AccessToken);
    }

    I hope this helps! We'll update our documentation to include this scenario.

    Please let me know if you have any questions.

    Best regards,

    Matthew Hicks

    Program Manager

    Azure Data Lake

    Tuesday, January 19, 2016 9:15 PM
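
Added example (not part of the original thread or of the Azure SDK): a small C# diagnostic that reads the tenant from a token's "iss" claim and the tenant named in an InvalidAuthenticationTokenTenant error body, so the mismatch described in the answer can be seen before retrying with an explicit aadTenant. The class and method names are hypothetical, the token is a constructed unsigned placeholder, and System.Text.Json is assumed to be available.

```csharp
using System;
using System.Text;
using System.Text.Json;
using System.Text.RegularExpressions;

static class TenantCheck
{
    // Tenant GUID from the token's "iss" claim. Diagnostic only: the payload is decoded, not verified.
    public static string IssuerTenant(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4);   // restore base64 padding
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        string iss = doc.RootElement.GetProperty("iss").GetString();
        return new Uri(iss).Segments[1].TrimEnd('/');
    }

    // Tenant that the service expects, taken from an InvalidAuthenticationTokenTenant error body.
    public static string ExpectedTenant(string errorJson)
    {
        using JsonDocument doc = JsonDocument.Parse(errorJson);
        JsonElement err = doc.RootElement.GetProperty("error");
        if (err.GetProperty("code").GetString() != "InvalidAuthenticationTokenTenant") return null;
        Match m = Regex.Match(err.GetProperty("message").GetString(),
            @"must match the tenant 'https://sts\.windows\.net/([0-9a-fA-F-]{36})/'");
        return m.Success ? m.Groups[1].Value : null;
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample: unsigned placeholder token carrying the issuer quoted in the error.
        string jwt = B64Url("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." +
            B64Url("{\"iss\":\"https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/\"}") + ".sig";
        // Error body shortened from the one in the question.
        string error = "{\"error\":{\"code\":\"InvalidAuthenticationTokenTenant\",\"message\":" +
            "\"The access token is from the wrong issuer 'https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/'. " +
            "It must match the tenant 'https://sts.windows.net/89bbf8e5-eb2c-4752-82df-66bb7843a0cf/' associated with this subscription.\"}}";
        string actual = IssuerTenant(jwt), expected = ExpectedTenant(error);
        Console.WriteLine($"token issuer tenant: {actual}, subscription tenant: {expected}");
        if (!string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase))
            Console.WriteLine($"Mismatch: pass {expected} as aadTenant instead of the common tenant.");
    }
}
```

The decode step skips signature validation on purpose, so use it only to inspect a token you already hold, never to decide whether to trust one.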

All replies

  • Matthew,

    Your answer solved the same problem I was having.

    Thanks,

    Marc

    Thursday, February 4, 2016 8:55 PM