ManagedIdentityCredential.GetToken very slow on first authentication

Question

I have a very small Blazor app running on an Azure App Service, Standard(S1) tier. Users are in the low double digits. The initial connection for the user is very slow. The user gets a white screen for ~10 seconds before Blazor's first render kicks-in and starts displaying the HTML.

I found the culprit, which is the ManagedIdentityCredential.GetToken which is taking 14 seconds.

My problem is I understand zero about how the authentication works. When I setup my project I chose AAD auth and everything just worked, and there is no "code" visible to me for the auth process. In Visual Studio I can see my Connected Services has Microsoft Identity Platform.

 

All the Microsoft articles I've show problems with getting an auth token from VS but nothing like this happening on Azure. Any suggestions how to troubleshoot?

Answer 1

The thing in your code that calls ManagedIdentityCredential.GetToken() is usually the usage of DefaultAzureCredential().

I doubt the identity provider is that slow, you may be experiencing a cold start on your app service. You can try to mitigate this by enabling Always On for the App Service. This does not incur any additional cost on the Standard tier.

https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#configure-general-settings

Always On: Keeps the app loaded even when there's no traffic. When Always On isn't turned on (default), the app is unloaded after 20 minutes without any incoming requests. The unloaded app can cause high latency for new requests because of its warm-up time. When Always On is turned on, the front-end load balancer sends a GET request to the application root every five minutes. The continuous ping prevents the app from being unloaded.