webapi deploy on Azure gives missing ClientId error

I have a web API in C# 6, deployed as a web service in Azure. Trying to access the Swagger, i.e. https://myWebService.azurewebsites.net/swagger, I am getting this error in the logs:

    2023-01-28T16:47:54.529264514Z System.ArgumentNullException: IDW10106: The 'ClientId' option must be provided.

The ClientId is specified in the secret.json but it looks as if after deploy the program reads from appsettings.json, where it's blank.

I am using the system-managed-identity method described here: https://github.com/Azure-Samples/serviceconnector-webapp-appconfig-dotnet, more precisely here: https://github.com/Azure-Samples/serviceconnector-webapp-appconfig-dotnet/blob/main/system-managed-identity/ServiceConnectorSample/Program.cs

I have created an "App Configuration" where, in "Configuration Explorer", the structure of the appsettings is mimicked like so: root:ConnectionStrings:AbcDatabase or root:AzureAD:ClientId are given, with their respective values. Also, from App Configuration > Access Control > Role assignments, I have added the web app Id (which requires previously enabling identity on the web app).

I am not sure what else to try, but I can tell that from my local, I am able to connect successfully to the Azure Db by doing this trick (which is obviously not what I want to do in production):

    try
    {
        builder.Configuration.AddAzureAppConfiguration(options =>
        {
            if (!string.IsNullOrEmpty(appConfigEndpoint))
            {
                options.Connect(new Uri(appConfigEndpoint), new DefaultAzureCredential());
            }
        });
    }
    catch (Exception ex)
    {
        builder.Configuration.AddAzureAppConfiguration("Endpoint=https://xxx.azconfig.io;Id=xxx:xxx5;Secret=xxx=");
    }

In the "catch", the endpoint found in App Configuration > Access keys > Connection String is given. This only works on local. It doesn't work upon deploy, and it's anyway not a good solution, because I don't want to pass the secret in code; I want it to be read from the Service Configuration when I do "new DefaultAzureCredential()" - not sure how the Default should know where my ClientId is stored in the App Config, however.

For that reason, I also tried something like:

    var builder = WebApplication.CreateBuilder(args);
    var appConfigEndpoint = builder.Configuration["root:ConnectionStrings:AppConfigEndpoint"]?.ToString();
    var userAssignedClientId = builder.Configuration["root:AzureAD:ClientId"]?.ToString();

    builder.Configuration.AddAzureAppConfiguration(options =>
    {
        var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = userAssignedClientId });

        if (!string.IsNullOrEmpty(appConfigEndpoint))
        {
            options.Connect(new Uri(appConfigEndpoint), credential);
        }
    });

But this also gives the same error about the ClientId.

It is also confusing to me whether the App Configuration should also have Identity set to ON, and whether I give it any permissions from here, or what to do with the Id here. In the App Service where I am actually deploying my solution I have enabled Identity and use that from the App Config to give the App Service permission to use the App Config.

Hope someone can advise and please let me know if I am missing any important details.

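A startup diagnostic for the situation described in the question, added here as an example and not part of the original post: it reports which configuration provider, if any, supplies each key the post mentions, and prints only whether a value is set, never the value itself. The un-prefixed key `AzureAd:ClientId` and the helper name `DescribeSource` are assumptions made for the illustration.

```csharp
// Added diagnostic example, not code from the original post.
// Shows which configuration provider wins for each key, without printing
// values (connection strings and access keys must not end up in logs).
using System.Linq;
using Microsoft.Extensions.Configuration;

var builder = WebApplication.CreateBuilder(args);

// ... the AddAzureAppConfiguration(...) call from the post goes here ...

// Keys as written in the post, plus the un-prefixed form
// (assumption: the authentication setup binds an "AzureAd" section).
string[] keysToCheck =
{
    "AzureAd:ClientId",
    "root:AzureAD:ClientId",
    "root:ConnectionStrings:AppConfigEndpoint",
    "root:ConnectionStrings:AbcDatabase",
};

Console.WriteLine($"Environment: {builder.Environment.EnvironmentName}");
foreach (var key in keysToCheck)
{
    Console.WriteLine($"{key}: {DescribeSource(builder.Configuration, key)}");
}

var app = builder.Build();
app.Run();

// Hypothetical helper. Providers registered later override earlier ones,
// so walk the list in reverse and stop at the first provider holding the key.
// An empty string still counts as "present" and wins over earlier providers.
static string DescribeSource(IConfigurationRoot root, string key)
{
    foreach (var provider in root.Providers.Reverse())
    {
        if (provider.TryGet(key, out var value))
        {
            var state = string.IsNullOrEmpty(value) ? "EMPTY" : "set";
            return $"{state}, from {provider}";
        }
    }
    return "not found in any provider";
}
```

With the default `WebApplication.CreateBuilder` setup, user secrets are only added when the environment is Development, so the output on the deployed App Service shows which of the remaining providers actually holds each key.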