If you have set up an Azure Service Fabric cluster and secured it using Azure Active Directory, you may run into the same problem I did when I went to deploy an application from Visual Studio 2015. If you are not sure how this is set up, you can refer back to my other post on it: https://blogs.msdn.microsoft.com/ncdevguy/2016/12/21/securing-an-azure-service-fabric-cluster-with-azure-active-directory-via-the-azure-portal/.
In Visual Studio, whenever you publish an application to the cluster, you will be prompted to log in to Azure with your Azure subscription credentials. As you can see in the screenshot, you will see both your certificate thumbprint and AzureActiveDirectory = true.
Since I had all this set up, I then attempted to deploy the application. The deployment failed and I was presented with this error in the Visual Studio output window.
1>------ Build started: Project: HealthApp, Configuration: Debug x64 ------
2>------ Publish started: Project: HealthApp, Configuration: Debug x64 ------
2>AADSTS50105: The signed in user is not assigned to a role for the application '1458052a-a261-4d8a-8bf3-e7529ce62ba8'.
2>Trace ID: 4b8ad5d7-94e3-456d-a0f8-13a13144eb9d
2>Correlation ID: 75cddc9f-f9af-405f-8593-42af6dfd8c85
2>Timestamp: 2016-12-14 19:58:18Z
As you may recall, when you do a publish, you have to log in to your Azure subscription from the publish dialog box.
If the user behind these login credentials is not also assigned the Admin role in AAD for the web client app, then Visual Studio will not be able to connect to the cluster and therefore can’t do a publish. Normally you will add specific users that are assigned the Admin and Read-Only user roles for the app, and it can be easy to forget to set up app permissions for the user logging in to Azure.
So, add that subscription user as an Admin for the Web Client app in AAD.
You should now be able to deploy the application to your secure cluster in Azure.
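The same role assignment can be scripted and checked from PowerShell. This is an added example, not part of the original post: it assumes the AzureAD PowerShell module is installed, that the role's display name is "Admin", and `$UserUpn` is a placeholder for the account you sign in with from the publish dialog.

```powershell
# Added example (not from the original post). Requires: Install-Module AzureAD
# Assumptions: the role display name is 'Admin'; $UserUpn is a placeholder.
$AppId    = '1458052a-a261-4d8a-8bf3-e7529ce62ba8'  # application ID quoted in the AADSTS50105 error
$UserUpn  = 'publisher@contoso.example'             # placeholder: the user who signs in when publishing
$RoleName = 'Admin'

Connect-AzureAD | Out-Null

# The error names an application ID; roles are assigned on its service principal.
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal for application $AppId in this tenant." }

# Resolve the role by display name and fail loudly if it does not exist.
$role = $sp.AppRoles | Where-Object { $_.DisplayName -eq $RoleName -and $_.IsEnabled }
if (-not $role) {
    $available = ($sp.AppRoles | ForEach-Object { $_.DisplayName }) -join ', '
    throw "Role '$RoleName' not found on '$($sp.DisplayName)'. Available roles: $available"
}

$user = Get-AzureADUser -ObjectId $UserUpn

# Skip the assignment if the user already holds this role on this application.
$existing = Get-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -All $true |
    Where-Object { $_.ResourceId -eq $sp.ObjectId -and $_.Id -eq $role.Id }

if ($existing) {
    Write-Output "$UserUpn already has '$RoleName' on '$($sp.DisplayName)'."
} else {
    New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId `
        -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $role.Id | Out-Null
    Write-Output "Assigned '$RoleName' on '$($sp.DisplayName)' to $UserUpn."
}

# Review who holds which role on the cluster application, so Admin stays
# limited to the accounts that actually deploy.
Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    ForEach-Object {
        $roleId = $_.Id
        [pscustomobject]@{
            Principal = $_.PrincipalDisplayName
            Role      = ($sp.AppRoles | Where-Object { $_.Id -eq $roleId }).DisplayName
        }
    } | Sort-Object Role, Principal | Format-Table -AutoSize
```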
Hope this helps you in your work with Azure Service Fabric!