I have encountered a strange behavior when trying to connect to Azure App Configuration with an Azure Identity from an ASP.Net Web Application. Current environment is .Net Framework 4.8, but the behavior is the same on 4.7.2 and 4.6.1.
I am using Microsoft.Extensions.Configuration.AzureAppConfiguration 4.0.0 and Azure.Identity 1.3.0. During local development I am using a service principal (AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET defined in environment) and on Azure the system assigned ManagedIdentity of the app service.
private IConfiguration GetConfiguration(string label = null)
{
TokenCredential credential = new DefaultAzureCredential();
return new Microsoft.Extensions.Configuration.ConfigurationBuilder()
.AddAzureAppConfiguration(options =>
{
options = options.Connect(
new Uri(Environment.GetEnvironmentVariable("APP_CONFIGURATION_ENDPOINT")), credential)
.ConfigureKeyVault(kv => { kv.SetCredential(credential); });
if (!string.IsNullOrEmpty(label))
{
options.Select(KeyFilter.Any, label);
}
else
{
options.Select(KeyFilter.Any, LabelFilter.Null);
}
})
.Build();
}
This code snippet works, when executed during application startup, e.g. RouteConfig. All subsequent calls are working, also refresh does work without problems.
The problems are starting when first calling App Configuration at a later time, e.g. during a request. The code hangs without an error message. In my special situation I am not able to connect to Azure App Configuration at startup time.
When using .Net Core, everything works like a charm but currently this is not an option.
Here are the logs.
When executed during startup:
Starting IIS Express ...
Successfully registered URL "http://localhost:5000/" for site "AppConfigTest3" application "/"
Registration completed for site "AppConfigTest3"
IIS Express is running.
Enter 'Q' to stop IIS Express
Loading configuration ...
Created DefaultAzureCredential: Azure.Identity.DefaultAzureCredential
Using Azure environment
Created ManagedIdentityCredential: Azure.Identity.DefaultAzureCredential
Connected via APP_CONFIGURATION_ENDPOINT: https://my-test-appconfig.azconfig.io
Before configure KeyVault credential
After configure KeyVault credential
Before executing Build()
EscalationMonitorInterval: 300
Created DefaultAzureCredential: Azure.Identity.DefaultAzureCredential
Using Azure environment
Created ManagedIdentityCredential: Azure.Identity.DefaultAzureCredential
Connected via APP_CONFIGURATION_ENDPOINT: https://my-test-appconfig.azconfig.io
Before configure KeyVault credential
After configure KeyVault credential
Before executing Build()
Azure Config loaded
Anforderung gestartet: "GET" http://localhost:5000/
If called the first time during a request, I'm getting the following log:
Starting IIS Express ...
Successfully registered URL "http://localhost:5000/" for site "AppConfigTest3" application "/"
Registration completed for site "AppConfigTest3"
IIS Express is running.
Enter 'Q' to stop IIS Express
Azure Config loaded
Anforderung gestartet: "GET" http://localhost:5000/
Response sent: http://localhost:5000/ with HTTP status 200.0
Anforderung gestartet: "GET" http://localhost:5000/Home/About
Loading configuration ...
Created DefaultAzureCredential: Azure.Identity.DefaultAzureCredential
Using Azure environment
Created ManagedIdentityCredential: Azure.Identity.DefaultAzureCredential
Connected via APP_CONFIGURATION_ENDPOINT: https://my-test-appconfig.azconfig.io
Before configure KeyVault credential
After configure KeyVault credential
Before executing Build()
Nothing happens and the request does not return.
I'm stucked at this point. Does someone has a solution for this problem? Thank you.
Regards, Stati
This is because of a bug introduced in
Azure.Corepackage version 1.4.1. The bug has been fixed inAzure.Coreversion 1.9.0. Since you are referencingAzure.Identityversion 1.3.0, you have an indirect dependency onAzure.Coreversion 1.6.0.Your problem can be fixed by adding an explicit dependency on Azure.Core v1.9.0 or later.