在服务管理API上调用任何方法时出错

我希望从一个c#应用程序启动一个Azure runbook，该应用程序将托管在Azure web应用程序上。

我正在使用证书身份验证（只是为了测试我是否可以连接并检索一些数据）

到目前为止，这是我的代码：

var cert = ConfigurationManager.AppSettings["mgmtCertificate"];
var creds = new Microsoft.Azure.CertificateCloudCredentials("<my-sub-id>",
new X509Certificate2(Convert.FromBase64String(cert)));
var client = new Microsoft.Azure.Management.Automation.AutomationManagementClient(creds, new Uri("https://management.core.windows.net/"));
var content = client.Runbooks.List("<resource-group-id>", "<automation-account-name>");

每次我运行这个，无论我使用什么证书，我都会得到相同的错误：

An unhandled exception of type 'Hyak.Common.CloudException' occurred in Microsoft.Threading.Tasks.dll

Additional information: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

我已尝试下载设置文件，该文件包含您在启动Azure帐户时自动生成的管理证书。。。我所做的一切都不会让我与任何Azure订阅交谈

我是不是错过了一些基本的东西？

编辑：一些附加信息

因此，我决定创建一个应用程序并使用JWT身份验证方法。

我已经添加了一个应用程序，授予了Azure Service Management API的应用程序权限，并确保用户是共同管理员，即使使用令牌，我仍然会收到相同的错误。。。

const string tenantId = "xx";
const string clientId = "xx";
var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
var user = "<user>";
var pwd = "<pass>";
var userCred = new UserCredential(user, pwd);
var result = context.AcquireToken("https://management.core.windows.net/", clientId, userCred);
var token = result.CreateAuthorizationHeader().Substring("Bearer ".Length);  // Token comes back fine and I can inspect and see that it's valid for 1 hour - all looks ok...
var sub = "<subscription-id>";
var creds = new TokenCloudCredentials(sub, token);
var client = new AutomationManagementClient(creds, new Uri("https://management.core.windows.net/"));
var content = client.Runbooks.List("<resource-group>", "<automation-id>");

我也尝试过使用其他Azure库（如身份验证、数据中心等），但我得到了相同的错误：

ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

我确信这只是我需要在这个单一的管理门户中的某个地方打勾的一个tickbox，但我遵循了一些关于如何做到这一点的教程，他们最终都出现了这个错误。。。

    public async Task StartAzureRunbook()
    {
        try
        {
            var subscriptionId = "azure subscription Id";
            string base64cer = "****long string here****"; //taken from http://stackoverflow.com/questions/24999518/azure-api-the-server-failed-to-authenticate-the-request
            var cert = new X509Certificate2(Convert.FromBase64String(base64cer));
            var client = new Microsoft.Azure.Management.Automation.AutomationManagementClient(new CertificateCloudCredentials(subscriptionId, cert));
            var ct = new CancellationToken();
            var content = await client.Runbooks.ListByNameAsync("MyAutomationAccountName", "MyRunbookName", ct);

            var firstOrDefault = content?.Runbooks.FirstOrDefault();
            if (firstOrDefault != null)
            {
                var operation = client.Runbooks.Start("MyAutomationAccountName", new RunbookStartParameters(firstOrDefault.Id));
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
    }