I am trying to create Cosmos Database in C# with AAD.
CosmosClient CreateDatabaseIfNotExistsAsync method is throwing Cosmos exception as
"Forbidden (403); Substatus: 5300; Request blocked by Auth cosmos-eus2-01 : The given request [POST /dbs] cannot be authorized by AAD token"
Microsoft document says "Using Microsoft Entra identities blocks any non-data operation". Here is the link https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/troubleshoot-forbidden#non-data-operations-are-not-allowed
Is creating the CosmosClient with the account key the only workaround for this error?
Yes. You cannot perform Management Plane operations with AAD credentials on a Data Plane SDK.
As the documentation link you provided says, which points to https://learn.microsoft.com/azure/cosmos-db/how-to-setup-rbac#permission-model:
You cannot use any Azure Cosmos DB data plane SDK to authenticate management operations with a Microsoft Entra identity. Instead, you must use Azure role-based access control through one of the following options
For .NET, it is Azure.ResourceManager.CosmosDB.
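The split the answer describes, as an added example that is not code from the question or the answer: the database and container are created through the management plane with Azure.ResourceManager.CosmosDB, and the same Entra ID identity is then used with the data-plane CosmosClient for item operations only. The subscription, resource group, account, database and container names are placeholders, and the helper names (`CreateDatabaseAndContainerViaArmAsync`, `WriteItemWithAadAsync`) are the example's own. The identity needs two separate permissions: an Azure RBAC role on the account for the ARM calls (for instance the built-in DocumentDB Account Contributor role) and a Cosmos DB data-plane role assignment (for instance Cosmos DB Built-in Data Contributor) for the item writes; neither grants the other. Keeping the account key out of the application, rather than falling back to it for provisioning, avoids handing the app an unscoped credential for one setup step.

```csharp
// Added example: provision with Azure.ResourceManager.CosmosDB (management plane),
// then read/write with Microsoft.Azure.Cosmos (data plane), both under one Entra ID identity.
// NuGet packages assumed: Azure.Identity, Azure.ResourceManager, Azure.ResourceManager.CosmosDB,
// Microsoft.Azure.Cosmos. Every name and id below is a placeholder.
using System;
using System.Net;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.CosmosDB;
using Azure.ResourceManager.CosmosDB.Models;
using Microsoft.Azure.Cosmos;

public static class CosmosAadProvisioning
{
    // Management plane: creates the database and a container via ARM. Requires an Azure RBAC
    // role permitting Microsoft.DocumentDB/databaseAccounts/sqlDatabases/write on the account.
    public static async Task<CosmosDBSqlContainerResource> CreateDatabaseAndContainerViaArmAsync(
        TokenCredential credential, string subscriptionId, string resourceGroupName,
        string accountName, string databaseName, string containerName)
    {
        var armClient = new ArmClient(credential);
        ResourceIdentifier accountId = CosmosDBAccountResource.CreateResourceIdentifier(
            subscriptionId, resourceGroupName, accountName);
        CosmosDBAccountResource account =
            (await armClient.GetCosmosDBAccountResource(accountId).GetAsync()).Value;
        AzureLocation location = account.Data.Location;

        var dbContent = new CosmosDBSqlDatabaseCreateOrUpdateContent(
            location, new CosmosDBSqlDatabaseResourceInfo(databaseName));
        ArmOperation<CosmosDBSqlDatabaseResource> dbOp = await account
            .GetCosmosDBSqlDatabases()
            .CreateOrUpdateAsync(WaitUntil.Completed, databaseName, dbContent);

        // Container creation is also a management operation, so it goes through ARM as well.
        var containerInfo = new CosmosDBSqlContainerResourceInfo(containerName)
        {
            PartitionKey = new CosmosDBContainerPartitionKey { Paths = { "/id" } }
        };
        var containerContent = new CosmosDBSqlContainerCreateOrUpdateContent(location, containerInfo);
        ArmOperation<CosmosDBSqlContainerResource> containerOp = await dbOp.Value
            .GetCosmosDBSqlContainers()
            .CreateOrUpdateAsync(WaitUntil.Completed, containerName, containerContent);
        return containerOp.Value;
    }

    // Data plane: item operations are what an Entra ID token is allowed to do on the SDK.
    // Requires a Cosmos DB data-plane role assignment (e.g. Cosmos DB Built-in Data Contributor).
    public static async Task<ItemResponse<Order>> WriteItemWithAadAsync(
        CosmosClient client, string databaseName, string containerName, Order order)
    {
        Container container = client.GetContainer(databaseName, containerName);
        return await container.UpsertItemAsync(order, new PartitionKey(order.id));
    }

    public record Order(string id, string customer, decimal total);

    public static async Task Main()
    {
        var credential = new DefaultAzureCredential();
        const string subscriptionId = "00000000-0000-0000-0000-000000000000"; // placeholder
        const string resourceGroupName = "rg-placeholder";
        const string accountName = "cosmos-account-placeholder";
        const string endpoint = "https://cosmos-account-placeholder.documents.azure.com:443/";
        const string databaseName = "orders-db";
        const string containerName = "orders";

        using var client = new CosmosClient(endpoint, credential);
        try
        {
            // This is the call from the question: with an AAD token it is rejected as a
            // management operation (403, substatus 5300) instead of creating the database.
            await client.CreateDatabaseIfNotExistsAsync(databaseName);
        }
        catch (CosmosException ex) when (ex.StatusCode == HttpStatusCode.Forbidden && ex.SubStatusCode == 5300)
        {
            Console.WriteLine("Data-plane SDK refused a management operation for an AAD token; using ARM instead.");
        }

        await CreateDatabaseAndContainerViaArmAsync(
            credential, subscriptionId, resourceGroupName, accountName, databaseName, containerName);

        ItemResponse<Order> response = await WriteItemWithAadAsync(
            client, databaseName, containerName, new Order("order-1", "alice", 42.50m));
        Console.WriteLine($"Upsert status: {response.StatusCode}, RU charge: {response.RequestCharge}");
    }
}
```

The `catch` filter on `SubStatusCode == 5300` is only there to make the failure mode from the question visible; in production code there is no reason to attempt the data-plane create at all once provisioning is owned by the ARM path.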